LDTech is committed to ensuring the security and confidentiality of all data and information assets within its purview.
This Security Policy outlines the measures and guidelines to safeguard our systems, networks, and data against
unauthorized access, breaches, and threats.

• Information Security Governance

  1.1. Responsibility: The Chief Information Security Officer (CISO) is responsible for overseeing the implementation and adherence to this Security Policy. All employees, contractors, and third-party vendors must comply with the policies outlined herein.

  1.2. Compliance: LDTech will comply with all relevant laws, regulations, and industry standards pertaining to information security, including GDPR, HIPAA, and other applicable regulations.

• Access Control 2.1. User Access: Access to systems, networks, and data will be granted on a need-to-know basis. User access will be reviewed regularly and revoked promptly upon termination of employment or contract.
  2.2. Authentication: Multi-factor authentication (MFA) will be enforced for accessing sensitive systems and data. Strong password policies will be implemented, including regular password updates.
• Data Protection3.1. Data Classification: Data will be classified based on sensitivity and confidentiality levels. Adequate controls and encryption will be applied to protect sensitive and personal data.
  

  3.2. Data Handling: All data will be handled and stored in accordance with applicable laws and regulations. Data transmission will be encrypted using industry-standard protocols.

• Network Security 4.1. Firewall Protection: Firewalls will be deployed to monitor and control traffic between internal and external networks, preventing unauthorized access and data breaches.
  4.2. Intrusion Detection and Prevention: Intrusion detection and prevention systems (IDPS) will be
  implemented to identify and mitigate threats in real-time.
• Incident Response 5.1. Reporting: All security incidents, breaches, or suspected vulnerabilities must be reported immediately to the CISO or designated security personnel.
  5.2. Response Plan: LDTech will maintain an incident response plan outlining procedures for identifying, containing, eradicating, and recovering from security incidents.
• Training and Awareness6.1. Security Awareness: Regular security awareness training will be provided to all employees, contractors, and third-party vendors to educate them about security risks and best practices.
  6.2. Policy Review: This Security Policy will be reviewed annually and updated as necessary to address
  emerging threats and changes in technology or regulations.
• Compliance Monitoring7.1. Auditing: Regular audits and assessments will be conducted to evaluate compliance with this Security Policy and identify areas for improvement.
  7.2. Penetration Testing: Periodic penetration testing and vulnerability assessments will be conducted to identify and remediate potential security vulnerabilities.
• Enforcement8.1. Non-Compliance: Violations of this Security Policy may result in disciplinary action, including termination of employment or contract, legal action, and financial penalties.
  8.2. Reporting: Any concerns or suspected violations of this Security Policy should be reported to the
  CISO or designated security personnel for investigation and resolution.

By adhering to this Security Policy, LDTech aims to maintain the confidentiality, integrity, and availability of its
information assets and uphold the trust of its customers, partners, and stakeholders.