Overview and Objective

Vertel Corporation recognizes that information is one of its most critical assets. This policy aims to protect the confidentiality integrity and availability of information managed by the company and to ensure compliance with applicable data protection laws. It also reinforces the organization’s responsibility to protect the privacy of personal and sensitive data belonging to employees clients partners and stakeholders.

Scope

This policy applies to all employees executives contractors consultants and third-party service providers who collect access store process transmit or manage any form of data within Vertel’s operations. It covers all information systems networks cloud environments physical documentation and electronic communications across all subsidiaries and jurisdictions.

Data Classification and Access Control

Vertel uses a data classification framework to distinguish between public internal confidential and restricted data. Access to each category of data is determined by job function and granted based on the principle of least privilege. Information owners and data custodians are responsible for reviewing and updating access rights periodically. Unauthorized access attempts are logged reviewed and may result in disciplinary actions.

Data Privacy and Personal Information

Vertel complies with international and local data protection regulations including GDPR and relevant Vietnamese Russian Kazakh and Chinese privacy laws. Personal information is only collected for legitimate business purposes and handled with transparency and fairness. Individuals are informed about the nature purpose and scope of data collected and their rights to access correct or request deletion of their information. Data is retained only as long as necessary and securely deleted when no longer needed.

Cybersecurity and Incident Response

Vertel maintains multi-layered cybersecurity defenses including firewalls intrusion detection systems anti-malware tools regular vulnerability scans and employee awareness programs. All incidents including suspected data breaches must be reported immediately to the Information Security Team. The company follows a structured incident response plan involving containment investigation recovery and reporting. Lessons learned are used to improve future responses and prevent recurrence.

Third-Party and Vendor Security

Third-party vendors with access to Vertel’s information or infrastructure must undergo security due diligence and sign binding agreements that include privacy and confidentiality clauses. Regular audits and performance reviews are conducted to ensure compliance with company standards. In case of a breach by a vendor the company retains the right to impose corrective measures or terminate the relationship.

Employee Responsibility and Training

Employees are required to safeguard all company information and to report any security risks or suspicious activity. Training on information security and data privacy is mandatory during onboarding and repeated annually. Topics include password hygiene phishing awareness secure data handling mobile and remote work security and compliance protocols. Employees must acknowledge their responsibilities through formal acceptance of this policy.

Monitoring and Continuous Improvement

Vertel monitors its networks systems and data activity to detect anomalies and enforce policy compliance. The Information Security and Data Privacy Policy is reviewed annually and whenever significant changes in law technology or business strategy occur. Input from stakeholders including security experts legal advisors and end users is incorporated into each revision.