Effective date – 10.07.2025

Date of last change – 10.07.2025

Document Statistics

Document History

Table of Contents

1. Scope
2. Objective
3. Document Responsibilities
4. Compliance
5. Exceptions
6. Review
7. Cyber Security Preparedness
8. Cyber Security Measures
   • Cyber Crisis Management Plan
   • Protect Internet facing Infrastructure
   • Respond, Resolve, and Recover from Cyber Incidents
   • Performance Measurement
   • Cyber Security Awareness and Training
   • Control Measures to Counter Cyber Attacks
   • Reporting Cyber Incidents

1. Scope

This policy applies to all Signatureglobal employees, contractors, consultants, third-party vendors, and any individuals or system owned or operated by the Organization, entities who access or manage the organization's IT systems or data.

2. Objective

The objective of this Cyber Security Policy is to establish a comprehensive framework for securing Signatureglobal information systems, networks, applications, and data assets against internal and external cyber threats. This policy aims to ensure the confidentiality, integrity, and availability of Client information, financial records, property transaction data by implementing proactive measures, incident response protocols, and continuous monitoring to safeguard the organization’s digital infrastructure.

3. Document Responsibilities

The Chief Information Officer (CIO) shall be responsible for implementation, incident response and approving all policies, including any subsequent updates or modifications. The CIO shall also ensure that policies remain up-to-date, aligned with organizational requirements, and supported by appropriate standards, procedures, and defined roles for the management of IT applications and infrastructure.

Relevant department heads shall be accountable for the appropriate dissemination of these policies on a need-to-know basis and for ensuring their implementation and compliance within their respective areas of responsibility.

All individuals granted access to the organization's systems, data, or resources are expected to be aware of, understand, and comply with the applicable policies.

4. Compliance

Employees shall comply with the policies and any failure to abide by the Policies by any employee may result in strict disciplinary action.

5. Exceptions

Any exception shall require explicit written approval of the CIO, including but not limited to legal/ regulatory/ statutory compliances.

6. Review

The Policies shall be formally reviewed by CIO and his team annually or whenever there is a significant change in the IT infrastructure. The CIO shall during the review, evaluate the effectiveness of the Policies and approve appropriate changes in the Policies as required.

7. Cyber Security Preparedness

Cyber security is the practice of defending computers and servers, mobile devices, electronic systems, networks and data from malicious attacks. Securing the cyber space of the organization is the most important task to protect the confidentiality of information processed by the organization. Signatureglobal has an established information security framework, which shall form as a base for Cyber Security framework. IT team to manage technical control, monitor systems, apply patches, test backups.

8. Cyber Security Measures

Resilience in cyber security can be achieved only through continuous monitoring. While using the cloud technologies for the day-to-day business, the protection mechanism shall be on a real time and continuous basis.

The Company has adopted or in the process of adopting following real-time threat defense and management measures to keep the rogue players away:

• Security Incident and Event Management (SIEM);
• Firewall
• Vulnerability Assessment & Penetration Testing etc.

9. Cyber Crisis Management Plan

Companywide effective measures to prevent, detect and respond to cyber-attacks to promptly detect any cyber-intrusions to respond / recover / contain the fall out.

Respective teams shall take the following steps to make progress against the cyber security objectives:

Protect Internet facing Infrastructure

• Maintaining a list of IT assets.
• Assessing the threat to IT infrastructure.
• Identification of gap in controls to protect the IT infrastructure from cyber-attacks.
• Implementation of proper cyber security controls or plan to mitigate the vulnerability identified.

Respond, Resolve, and Recover from Cyber Incidents

Any cyber security related incidents targeting the infrastructure shall follow Signatureglobal’s Incident Management Policy and provide appropriate remediation services.

Performance Measurement

Continuous monitoring of cyber security implementation shall be performed by gathering data. Such reports shall be input for projecting future cyber security requirements and identifying potential threats.

In case of outsourced activity, availability and performance requirements of agreed services shall be clearly reflected in the contract / work instruction of respective service providers.

Cyber Security Awareness and Training

Signatureglobal’s IT and Information Security teams are responsible for conducting regular awareness programs and training sessions for stakeholders, including senior management, security personnel, and operational staff. These sessions aim to enhance cyber security readiness and promote a culture of security across the organization.

Control Measures to Counter Cyber Attacks

• Using and maintaining an updated anti-virus software.
• Keeping the operating system, database, applications patched with critical patches up to date.
• Regularly backing up and restoration testing.
• Blocking use of portable media like USB, External HDD on Signatureglobal systems.
• Monitoring logs.
• Subjecting all critical IT system to VA/ PT at required intervals.
• All third-party vendors must meet security standards through contract and audit provisions.

Install and maintain anti-malware and anti-virus on all end points

Conduct annual risk reviews and written security provisions in vendor contracts

Reporting Cyber Incidents

All cyber security related incidents shall be actively reported at Infosec@signatureglobal.in

IT team shall conduct targeted awareness training program for all stakeholders / Top Management / key personnel like senior executives, security administrators, operation and management executives etc. on regular basis. Document and track investigation outcomes; apply lessons learned to continuous improvement.