Information Security Policy

Effective Date: January 1, 2026

1. Purpose

This Information Security Policy establishes the framework for protecting the confidentiality, integrity, and availability of information assets at Bhavyam Infotech Services Pte. Ltd ("Bhavyam"). This policy applies to all employees, contractors, consultants, and third-party partners who access Bhavyam's information systems and data.

2. Scope

This policy covers all information assets owned, operated, or managed by Bhavyam Infotech, including but not limited to:

• Electronic data and information systems
• Network infrastructure and communication systems
• Software applications and development environments
• Physical facilities and equipment
• Client data and proprietary information
• Employee and business partner data

3. Information Security Principles

Bhavyam Infotech adheres to the following core information security principles:

• Confidentiality: Ensuring that information is accessible only to authorized individuals
• Integrity: Safeguarding the accuracy and completeness of information and processing methods
• Availability: Ensuring that authorized users have reliable and timely access to information when needed

4. Access Control

Access to information systems and data is granted on a need-to-know and least-privilege basis. We implement:

• Role-based access control (RBAC) for all systems
• Multi-factor authentication (MFA) for critical systems and remote access
• Regular access reviews and prompt revocation of access upon role changes or termination
• Strong password policies with periodic rotation requirements

5. Data Protection

Bhavyam Infotech implements comprehensive data protection measures:

• Encryption of sensitive data at rest and in transit
• Data classification and handling procedures based on sensitivity levels
• Secure data disposal and destruction methods
• Data backup and recovery procedures with regular testing
• Compliance with PDPA (Singapore) and applicable data protection regulations

6. Network and Infrastructure Security

Our network and infrastructure security measures include:

• Firewalls, intrusion detection, and prevention systems
• Network segmentation and monitoring
• Regular vulnerability assessments and penetration testing
• Endpoint protection and patch management
• Secure configuration standards for all systems

7. Incident Management

Bhavyam Infotech maintains a structured incident management process:

• Defined procedures for detecting, reporting, and responding to security incidents
• Designated incident response team with clear roles and responsibilities
• Escalation procedures and communication protocols
• Post-incident analysis and corrective action implementation
• Regulatory notification procedures where required

8. Business Continuity

We maintain business continuity and disaster recovery plans to ensure the resilience of our operations:

• Business impact analysis and risk assessment
• Disaster recovery plans for critical systems and data
• Regular testing and updating of continuity plans
• Redundant systems and failover mechanisms

9. Employee Awareness and Training

All employees and contractors receive regular information security training, including:

• Security awareness onboarding for new joiners
• Periodic refresher training on current threats and best practices
• Phishing simulation exercises
• Role-specific security training for technical staff

10. Third-Party Security

Bhavyam Infotech ensures that third-party partners and vendors maintain adequate security standards:

• Security assessments prior to engagement
• Contractual security requirements and data processing agreements
• Regular monitoring and review of third-party compliance

11. Compliance and Audit

This policy is reviewed and updated annually, or whenever significant changes occur in our business operations or the threat landscape. Compliance with this policy is monitored through regular internal audits and management reviews.

12. Contact Information

For questions or concerns regarding information security at Bhavyam Infotech, please contact: