1. Purpose

This policy outlines Lacuna Space Ltd’s commitment to safeguarding the confidentiality, integrity, and availability of its data and information systems against cyber threats, breaches, and unauthorized access.

2. Scope

This policy applies to all employees, contractors, consultants, and third parties who have access to Lacuna Space Ltd’s information systems, networks, and data.

3. Objectives

  • Protect sensitive and personal data
  • Ensure secure and resilient IT infrastructure
  • Detect, prevent, and respond to cyber threats
  • Comply with applicable data protection regulations (e.g., GDPR, UK Data Protection Act)

4. Key Principles

  • Data Confidentiality: Ensure that data is accessible only to those authorized to have access.
  • Data Integrity: Safeguard the accuracy and completeness of information.
  • Data Availability: Ensure that authorized users have access to information and systems when required.

5. Responsibilities

  • All Staff: Required to follow security practices, attend training, and report suspicious activities.

6. Acceptable Use

Employees must:

  • Use company systems and data for authorized purposes only.
  • Not install unauthorized software or hardware.
  • Protect passwords and report suspected breaches immediately.

7. Access Controls

  • Role-based access to systems and data
  • Multi-factor authentication (MFA) where applicable
  • Regular audits of access rights

8. Data Protection Measures

  • Encryption of sensitive data
  • Secure backups stored in multiple locations
  • Secure disposal of obsolete data and devices

9. Cyber Threat Management

  • Firewall and antivirus protections
  • Regular software updates and patch management
  • Monitoring of network activity and incident response procedures

10. Training and Awareness

All employees will receive regular training on data security, phishing awareness, and incident reporting. Training is part of onboarding for all new staff.

11. Incident Response

Security incidents must be reported immediately to the IT department. A documented incident response plan will be followed to minimize damage and recover services.

12. Review and Compliance

This policy will be reviewed annually or after a significant incident or regulatory change. Non-compliance may result in disciplinary action or termination.

Lacuna-Space-Data-and-Cyber-Security-PolicyDownload