Supreme Components International
Contact Us
English
Singapore flag

(+65) 6848 1178

Contact Us
English
Japan
Singapore flag

(+65) 6848 1178

Information Security Policy

Home  > Information Security Policy

At Supreme Components International (SCI), committed to creating a secure environment for our partners, customers, and employees by implementing robust information security practices and continuously improving them. Your trust is essential to us, and we take every measure to protect it. 

Welcome to Supreme Components International (SCI)’s Information Security Policy page. Our commitment to safeguarding your information is fundamental to our operations. This policy outlines how we protect the data entrusted to us, ensuring the confidentiality, integrity, and availability of information at all times. 

1. Purpose

This Information Security Policy aims to protect Supreme Components International’s data assets and the data of our clients, partners, and stakeholders. It sets forth guidelines and procedures to manage information security risks effectively and ensure compliance with regulatory requirements such as the Personal Data Protection Act (PDPA) of Singapore. 

2. Scope

This policy applies to all employees, contractors, suppliers, and third parties with access to Supreme Components International’s information systems. It covers all forms of data, including electronic, physical, and verbal information, throughout the entire lifecycle. 

3. Information Security Objectives

  • Ensure the confidentiality, integrity, and availability of information assets. 
  • Comply with relevant legal and regulatory requirements. 
  • Protect against unauthorized access, misuse, or damage to information. 
  • Maintain business continuity through effective risk management. 

4. Roles and Responsibilities

  • Executive Management: Responsible for the overall information security strategy, setting goals, and ensuring compliance. 
  • Information Security Team: Implements security controls, manages incidents, and provides training and awareness. 
  • All Employees: Required to comply with the Information Security Policy and report security incidents or breaches. 

5. Data Classification

Data handled by Supreme Components International is categorized into the following classes: 

  • Confidential: Highly sensitive business data, client information, financial data, etc. 
  • Internal Use Only: Information intended solely for internal use by employees. 
  • Public: Information that can be freely shared without restrictions. 

6. Access Control

  • Access to confidential information is restricted to authorized personnel only.
  • Employees must use strong passwords and multifactor authentication to access information systems. 
  • Access privileges are reviewed regularly to ensure appropriateness. 

7. Data Protection and Encryption

  • Sensitive data is encrypted in transit and at rest to prevent unauthorized disclosure. 
  • All electronic and physical data storage is secured to prevent loss, theft, or damage. 

8. Physical Security

  • Offices and data centers are equipped with access control systems, CCTV, and security alarms. 
  • Only authorized personnel are allowed physical access to sensitive areas. 

9. Acceptable Use Policy

  • Company systems, devices, and data must only be used for authorized business purposes. 
  • Employees must avoid accessing, sharing, or storing inappropriate or unauthorized content. 
  • Personal devices used for business must adhere to company security standards. 

10. Incident Response

  • Employees must report any suspected security breaches immediately to the Information Security Team. 
  • The Incident Response Team will investigate, contain, and remediate security incidents, ensuring timely communication to stakeholders. 

11. Third-Party Management

  • All third-party service providers must comply with this Information Security Policy and undergo due diligence assessments. 
  • Data shared with third parties must be protected through Non-Disclosure Agreements (NDAs) and proper access controls. 

12. Employee Training and Awareness

  • Regular information security training is conducted to ensure employees understand their responsibilities and the risks involved. 
  • Employees must complete training sessions on an annual basis and as needed for specific updates. 

13. Risk Management

  • Information security risk assessments are conducted periodically to identify, evaluate, and mitigate potential risks to the organization.
  • Mitigating controls are implemented based on identified risks and criticality. 

14. Business Continuity

  • Measures are in place to ensure the availability of critical business processes and minimize disruptions during emergencies. 
  • Data backups are performed regularly, tested for integrity, and stored securely. 

15. Compliance and Legal Requirements

  • Supreme Components International complies with all applicable legal, regulatory, and contractual obligations, including the PDPA. 
  • Regular audits are conducted to evaluate compliance with the Information Security Policy. 

16. Policy Review

This Information Security Policy is reviewed annually or as required in response to changes in regulations, business operations, or emerging threats. Employees are notified of significant changes. 

17. Contact Information

  • For questions or concerns related to our Information Security Policy, please Contact Us at your earliest convenience. 
This is a staging environment