1. Introduction

Global Staffing Solutions Ltd TA GSS Tech Solutions (hereinafter referred to as “GSS Tech Solutions” or "the Company") is committed to safeguarding its digital infrastructure, client data, and intellectual property through the implementation of robust cybersecurity measures. As a leading provider of digital solutions, including website development, mobile app development, and cloud services, it is essential that we protect both our internal systems and the confidential information entrusted to us by clients, employees, and partners.

This Cyber Security Policy outlines the principles and procedures that GSS Tech Solutions adheres to in order to ensure the confidentiality, integrity, and availability of information within our systems.

2. Scope

This policy applies to all employees, contractors, consultants, temporary workers, and third parties who have access to GSS Tech Solutions' information systems and digital assets. This policy governs all digital services, including but not limited to website development, mobile application development, software development, digital marketing, and cloud infrastructure management.

3. Objectives

The key objectives of this Cyber Security Policy are to:

• • Protect the Company’s systems, networks, and data from unauthorized access, cyber-attacks, and data breaches.
• • Ensure the confidentiality, integrity, and availability of sensitive information.
• • Comply with relevant legal, regulatory, and contractual obligations regarding data protection.
• • Promote a culture of cybersecurity awareness among all employees and stakeholders.
• • Continuously monitor, assess, and improve the cybersecurity posture of the Company.

4. Information Security Principles

GSS Tech Solutions follows the following principles to protect information and digital infrastructure:

• • Confidentiality: Only authorized individuals will have access to specific information and data based on their role and responsibilities.
• • Integrity: Information must be accurate, consistent, and reliable throughout its lifecycle.
• • Availability: Systems and information will be readily accessible to authorized users when required, and any downtime will be minimized.

5. Cybersecurity Governance

To ensure that the cybersecurity policy is effectively implemented, GSS Tech Solutions establishes the following governance structure:

• • Cybersecurity Officer (CSO): Responsible for overseeing the implementation and enforcement of cybersecurity policies and procedures.
• • IT Security Team: A dedicated team responsible for the day-to-day management of security systems, monitoring vulnerabilities, and conducting risk assessments.
• • Employee Training: All employees will undergo regular training sessions on cybersecurity best practices, including how to identify phishing attempts, secure passwords, and safely handle sensitive information.

6. Access Control

Access to the Company's systems and information is strictly controlled to minimize the risk of unauthorized access:

• • User Authentication: All users must authenticate their identity through strong authentication mechanisms (e.g., multi-factor authentication) before accessing any internal system.
• • Role-Based Access Control (RBAC): Access to sensitive information and systems will be granted based on employees' roles and job responsibilities. Employees will only have access to the data necessary to perform their duties.
• • User Accounts: Employees and contractors will be assigned individual user accounts and must never share passwords or access credentials with others.

7. Data Protection and Privacy

GSS Tech Solutions takes the protection of personal and sensitive data seriously:

• • Data Encryption: All sensitive data, whether stored or transmitted, will be encrypted using industry-standard encryption protocols.
• • Data Retention: The Company will retain client data only for as long as necessary to fulfill its contractual obligations and legal requirements.
• • Third-Party Data Sharing: Any third-party providers or partners that have access to client data will be bound by confidentiality agreements and cybersecurity standards equivalent to those followed by GSS Tech Solutions.

8. Network Security

To safeguard the Company’s networks from external threats, we will implement the following security measures:

• • Firewalls: All internal networks will be protected by firewalls to block unauthorized access and monitor network traffic.
• • Intrusion Detection/Prevention Systems (IDS/IPS): We will deploy IDS/IPS systems to detect and respond to any suspicious activity on the network.
• • Virtual Private Network (VPN): Employees and contractors accessing the network remotely must use secure VPN connections to ensure data privacy and protection from external threats.

9. Incident Response

In the event of a cybersecurity breach, GSS Tech Solutions has a clear, well-documented incident response process:

• • Incident Reporting: All employees must report any security incident, including suspicious activities, data breaches, or unauthorized access attempts, immediately to the IT security team.
• • Incident Investigation: The IT security team will investigate the incident and assess the impact. The response will include containment, eradication of the threat, and recovery of any compromised systems or data.
• • Post-Incident Review: After resolving the incident, a post-incident review will be conducted to evaluate the response, identify any gaps in the security measures, and implement improvements to prevent future incidents.

10. Regular Security Audits

GSS Tech Solutions will perform regular security audits and vulnerability assessments to identify weaknesses in our systems and networks. The results of these audits will guide future cybersecurity improvements, including system updates, software patches, and process enhancements.

11. Compliance

GSS Tech Solutions will comply with all applicable laws and regulations governing data security, including but not limited to the following:

• • General Data Protection Regulation (GDPR): We ensure that all personal data is processed and protected in accordance with GDPR requirements.
• • Cyber Essentials Certification: GSS Tech Solutions will maintain compliance with Cyber Essentials, a government-backed scheme designed to help organizations protect themselves against cyber threats.

12. Employee Responsibilities

All employees of GSS Tech Solutions are responsible for upholding the Company’s cybersecurity standards:

• • Password Management: Employees are required to use strong, unique passwords for all accounts and change them regularly. Passwords should not be shared or written down.
• • Device Security: Employees must ensure that their devices, such as laptops and smartphones, are secured with passwords or biometric authentication. Devices must be locked when not in use.
• • Safe Internet Usage: Employees should avoid downloading files or accessing websites that may pose a security risk. The use of personal devices for business purposes should be minimized and secure.

13. Conclusion

At GSS Tech Solutions, cybersecurity is an ongoing priority. We are committed to maintaining a secure environment for our systems, employees, clients, and partners. This Cyber Security Policy will be reviewed annually to ensure it remains effective and relevant to emerging threats and technological developments.