#website-logo

Hashtag Website IT Policy

Effective Date: 20/08/2004
Last Updated: 20/08/2024


1. Purpose
This IT Policy ensures the secure and efficient operation of the Hashtag Website, promoting compliance with the **Protection of Personal Information Act (POPIA)** and other relevant regulations. It outlines the principles for managing data, maintaining security, and ensuring business continuity.

2. Scope
This policy applies to all individuals involved in the development, management, and maintenance of the Hashtag Website, including employees, contractors, and third-party service providers.

3. Compliance with POPIA
To safeguard user data and comply with POPIA, Hashtag Website adheres to the following:
– **Data Minimization**: Only collect data strictly necessary for website operations.
– **Consent Management**: Obtain clear and informed consent from users for data collection.
– **Secure Storage**: Store all personal data using encrypted and secure servers.
– **Right to Access and Delete**: Enable users to request access to or deletion of their personal information.

4. Website Security
To maintain the integrity and security of the Hashtag Website:
– Implement **SSL encryption** to secure all communications.
– Use robust **firewall protections** to guard against cyber threats.
– Regularly update software, plugins, and backend systems.
– Perform **penetration testing** and vulnerability scans bi-annually.
– Maintain backups of website data to ensure recovery in case of data loss.

5. User Access Control
– Provide access to the website backend only to authorized personnel.
– Use **multi-factor authentication (MFA)** for login credentials.
– Regularly review and update user roles and permissions.

6. Third-Party Integration
For third-party tools or services integrated into the website:
– Vet all providers for compliance with POPIA and other regulations.
– Ensure data-sharing agreements are in place, specifying confidentiality and security standards.

7. Incident Management
In the event of a security breach:
– Notify affected users within **72 hours** of discovery.
– Document the incident and the response measures taken.
– Conduct a thorough investigation and implement corrective actions to prevent recurrence.

8. Employee Responsibilities
Employees involved with the Hashtag Website must:
– Attend regular training on data privacy and IT security.
– Report any suspicious activities or breaches immediately to the IT team.
– Adhere to password policies and secure device usage protocols.

9. Monitoring and Auditing
– Perform regular audits of website activities, including data access logs and security systems.
– Review this policy annually to incorporate changes in technology, regulations, or business needs.

10. Enforcement
Non-compliance with this policy may result in disciplinary action or termination of contracts. Legal actions may be pursued for deliberate breaches.

Contact Information
For questions or concerns about this policy, please contact:
– **IT Security Team**
Email: website@hashtagwebsite.co.za
Phone: +27 82 301 3169
+27 84 011 5689

This policy ensures that the Hashtag Website operates securely, complies with legal obligations, and prioritises user trust.