1. Purpose of the Policy The purpose of this Cyber Security Policy is to protect the digital assets, personal data, systems, and operations of SSW Foundation from cyber threats, unauthorized access, data loss, and misuse. This policy ensures a safe, secure, and resilient digital environment for all staff, volunteers, beneficiaries, donors, and partners.
2. Scope This policy applies to:

(a) All employees, volunteers, interns, and management personnel

(b) All devices (computers, mobile phones, tablets, servers) used for Foundation work

(c) All digital platforms, websites, cloud services, and data storage systems

(d) Third-party vendors or partners with access to SSW Foundation systems

3. Cyber Security Objectives SSW Foundation is committed to:

(a) Protecting sensitive data from unauthorized access

(b) Ensuring confidentiality, integrity, and availability of information

(c) Preventing cyberattacks, malware, phishing, and data breaches

(d) Maintaining secure digital operations across all departments

4. Roles & Responsibilities

4.1 Management Responsibilities

(a) Ensure implementation of cyber security standards

(b) Allocate resources for digital safety and training

(c) Approve cyber security updates and improvements

4.2 Employee & Volunteer Responsibilities     All personnel must:

(a) Follow this Cyber Security Policy

(b) Use secure passwords and protect login credentials

(c) Report suspicious activity immediately

(d) Use Foundation-approved devices only for official work

4.3 IT / Technical Team Responsibilities

(a) Maintain updated systems, software, and antivirus programs

(b) Monitor network activity

(c) Perform regular security audits and backups

(d) Respond to security incidents quickly

5. Acceptable Use of Technology All users must:

(a) Use SSW Foundation devices responsibly

(b) Access the internet and email for legitimate work purposes

(c) Avoid visiting suspicious websites or downloading unauthorized files

(d) Not install unapproved software or applications

Any misuse of technology may result in disciplinary action.

6. Password & Authentication Policy To maintain secure access:

(a) Passwords must be strong, unique, and changed every 90 days

(b) Multi-factor authentication (MFA) must be used wherever possible

(c) Passwords must never be shared or written down

(d) Access to systems is given only based on role and responsibility

7. Data Protection Measures SSW Foundation ensures:

(a) Personal and sensitive data is stored securely

(b) Access to data is limited to authorized personnel only

(c) Confidential files are encrypted and password-protected

(d) Backups are performed regularly and stored safely

Data collected from donors, beneficiaries, and employees is handled strictly according to privacy regulations.

8. Email, Internet, & Communication Safety All users must:

(a) Beware of phishing emails and suspicious links

(b) Verify the legitimacy of attachments before downloading

(c) Avoid sharing confidential information over unsecured channels

(d) Use official email accounts for Foundation work

Suspicious emails must be reported immediately to the IT team.

9. Device & Network Security

9.1 Devices

(a) All devices must have updated antivirus software

(b) Operating systems and applications must be regularly patched

(c) Lost or stolen devices must be reported immediately

9.2 Network

(a) Wi-Fi access must be secure and password-protected

(b) Unauthorized devices cannot join SSW Foundation networks

(c) Firewalls and intrusion detection systems must be maintained