1. Introduction

At Unitech Limited, we prioritize the security and integrity of our digital infrastructure to safeguard sensitive data and ensure uninterrupted services. This Cybersecurity Policy outlines our commitment to protecting our systems, users, and stakeholders from cyber threats while maintaining transparency with the public.

2. Scope

This policy applies to all employees, contractors, third-party vendors, and users interacting with Unitech Limited’s network, systems, or services. It covers:

• Secure access controls.
• Data protection and privacy.
• Threat prevention and monitoring.
• Compliance with regulatory standards.

3. Core Principles

• Confidentiality: Protect sensitive information from unauthorized access.
• Integrity: Ensure data accuracy and prevent tampering.
• Availability: Maintain reliable access to critical systems.
• Accountability: Enforce roles and responsibilities for cybersecurity.

4. Security Measures

• Access Controls

  • Role-based access (e.g., Management, Staff, Auditors) with strict permissions.
  • Multi-factor authentication (MFA) for sensitive systems.
  • Guest devices restricted to segregated networks.

• Network Security

  • Firewalls block all unauthorized inbound/outbound traffic by default.
  • Dual ISP connections with automatic failover for resilience.
  • Geo-blocking for high-risk regions.

• Data Protection

  • Encryption for sensitive data in transit and at rest.
  • Regular backups stored securely.

• Threat Prevention

  • Real-time intrusion detection/prevention (IDS/IPS).
  • Malicious IPs blocked via threat intelligence feeds.
  • Email attachments scanned for malware; public domain attachments restricted.

• Monitoring & Logging

  • All user activities logged and retained for 90 days.
  • Bandwidth monitored for abnormal usage.

• Content Filtering

  • Blocked: Social media, gaming, torrents, ads, and non-business sites.
  • Whitelisted applications only.

5. Incident Response

• Immediate action for detected threats.
• Reporting breaches to relevant authorities
• Transparent communication with affected parties.

6. Compliance & Review

• Quarterly audits of firewall logs and access controls.
• Annual policy reviews or updates after major incidents.
• Adherence to SEBI, IT Act 2000, and other regulatory frameworks.

7. User Responsibilities

• Report suspicious activities to IT Security.
• Avoid unauthorized software or VPNs.
• Follow password best practices.

8. Transparency

This policy is publicly available to demonstrate our commitment to cybersecurity.