GenerativeTek

Loading

Information Security Policy

Information Security Policy

GenerativeTek Ltd

1. Purpose

GenerativeTek Ltd is committed to protecting the confidentiality, integrity, and availability of information entrusted to us by our clients, employees, partners, and stakeholders. This Information Security Policy establishes the principles and requirements for safeguarding information assets and reducing cybersecurity risks.

2. Scope

This policy applies to all employees, contractors, consultants, temporary staff, and third parties who access, process, store, or transmit information on behalf of GenerativeTek Ltd.

3. Information Security Objectives

GenerativeTek Ltd aims to:

  • Protect confidential and sensitive information from unauthorized access, disclosure, alteration, or destruction.
  • Ensure the availability and reliability of business systems and services.
  • Comply with applicable legal, regulatory, and contractual requirements.
  • Minimize risks associated with cyber threats, data breaches, and operational disruptions.
  • Promote security awareness among personnel and stakeholders.

4. Access Control

  • Access to company systems and information shall be granted on a need-to-know basis.
  • User accounts must be individually assigned and protected by strong passwords.
  • Access rights shall be reviewed periodically and revoked when no longer required.

5. Data Protection

  • Sensitive business and customer information shall be protected using appropriate security controls.
  • Information shall only be collected, processed, stored, and shared for legitimate business purposes.
  • Data backups shall be maintained and protected against unauthorized access.

6. Asset Management

  • Company devices, software, and information assets shall be used responsibly and for authorized business purposes.
  • Employees are responsible for safeguarding company-issued equipment and credentials.

7. Network and System Security

  • Systems shall be protected through appropriate security measures, including antivirus protection, firewalls, software updates, and secure configurations.
  • Security vulnerabilities shall be identified and addressed in a timely manner.

8. Incident Management

  • Any actual or suspected security incident must be reported immediately to management.
  • Security incidents shall be investigated, documented, and resolved promptly.
  • Appropriate corrective actions shall be implemented to prevent recurrence.

9. Employee Responsibilities

All personnel are responsible for:

  • Following information security policies and procedures.
  • Protecting passwords and access credentials.
  • Reporting security incidents, vulnerabilities, or suspicious activities.
  • Participating in security awareness and training initiatives when required.

10. Third-Party Security

GenerativeTek Ltd expects suppliers, contractors, and service providers to maintain appropriate security measures when accessing company or customer information.

11. Compliance

GenerativeTek Ltd complies with applicable laws, regulations, contractual obligations, and industry best practices relating to information security, privacy, and data protection.

13. Employee Welfare, Labor Practices, and Human Rights

GenerativeTek Ltd is committed to maintaining a safe, respectful, inclusive, and ethical workplace that upholds fundamental human rights and labor standards.

The company is committed to:

Employee Health, Safety, and Environment (HSE)

  • Providing a safe and healthy working environment.
  • Promoting employee well-being and workplace safety practices.
  • Complying with applicable occupational health and safety requirements.

Working Conditions

  • Providing fair and lawful working conditions in accordance with applicable labor laws.
  • Ensuring employees are treated with dignity, respect, and fairness.

Labor Relations

  • Maintaining open communication between management and employees.
  • Respecting employee rights under applicable labor regulations.

Career Management

  • Supporting employee development through learning opportunities, skills enhancement, and professional growth.
  • Encouraging performance improvement and career advancement.

Child Labor and Forced Labor

  • Prohibiting all forms of child labor, forced labor, compulsory labor, human trafficking, and any form of exploitation.
  • Conducting business in accordance with applicable labor and human rights laws.

Diversity, Equity, and Inclusion (DEI)

  • Promoting equal opportunity and non-discrimination in recruitment, employment, promotion, and compensation.
  • Fostering an inclusive workplace that respects diversity regardless of gender, age, disability, ethnicity, nationality, religion, or other protected characteristics.

GenerativeTek Ltd expects employees, contractors, suppliers, and business partners to uphold these principles and comply with all applicable labor, human rights, and ethical business standards.

14. Policy Review

This policy shall be reviewed periodically and updated as necessary to address changes in business operations, technology, legal requirements, and emerging security threats.

Approved By:
Setako Vedaste
Managing Director
GenerativeTek Ltd

Contact:
Email: info@generativetek.com
Website: www.generativetek.com

Tel: +250784443844/ +250736401645

Effective Date: 7 April 2026