Effective Date: January 1, 2025
Last Updated: January 1, 2025
1. Introduction
1.1 Net Onboard Sdn Bhd is committed to ensuring the highest level of cybersecurity in compliance with ISO 27001 (Information Security Management System), NIST Cybersecurity Framework, and Malaysia’s Personal Data Protection Act (PDPA) 2010.
1.2 This Cybersecurity Policy outlines the security measures, best practices, and compliance requirements for safeguarding user data, cloud services, and IT infrastructure.
1.3 By using our services, you acknowledge and agree to comply with this Cybersecurity Policy.
2. Scope & Applicability
2.1 This policy applies to:
– All users, employees, vendors, and third-party service providers interacting with Net Onboard’s cloud services.
– All systems, applications, databases, and IT assets owned or managed by Net Onboard.
2.2 It covers the following cybersecurity domains:
– Data Protection & Encryption
– Access Control & Identity Management
– Threat Detection & Incident Response
– Network & Infrastructure Security
3. Data Protection & Encryption Standards
3.1 Encryption Protocols:
– All stored and transmitted data is encrypted using AES-256 encryption.
– Secure SSL/TLS encryption is enforced for all network communications.
3.2 Data Classification & Handling:
– Personal data, financial data, and sensitive corporate information are classified based on risk levels.
– Restricted access applies to highly confidential data (e.g., financial transactions, authentication credentials).
3.3 Backup & Disaster Recovery:
– Daily automated backups with geo-redundant storage are implemented.
– Backups are encrypted and stored securely with a minimum retention period of 30 days.
4. Access Control & Identity Management
4.1 User Authentication & Access Rights:
– Multi-Factor Authentication (MFA) is enforced for all administrative accounts.
– Role-Based Access Control (RBAC) is implemented to restrict access based on job function.
– All access is logged and monitored for compliance.
4.2 Password Security Policy:
– Passwords must be at least 12 characters long and include uppercase, lowercase, numbers, and symbols.
– Mandatory password rotation every 90 days for high-privilege accounts.
5. Threat Detection & Incident Response
5.1 Real-Time Monitoring & Threat Intelligence:
– Net Onboard deploys AI-driven security monitoring tools for real-time intrusion detection.
– Regular penetration testing and vulnerability scans are performed to identify security gaps.
5.2 Incident Response & Reporting:
– All security incidents must be reported immediately to [email protected].
– Affected users will be notified within 72 hours in case of a major data breach.
– Root cause analysis and post-incident reviews are conducted after every security event.
6. Network & Infrastructure Security
6.1 Firewall & Intrusion Prevention:
– Enterprise-grade firewalls and intrusion detection/prevention systems (IDS/IPS) are deployed.
– Zero Trust Architecture (ZTA) is adopted to validate all network access requests.
6.2 Endpoint & API Security:
– All endpoints (servers, devices, applications) are secured with next-gen antivirus and antimalware protection.
– API traffic is monitored for anomalies and secured with OAuth 2.0 and token-based authentication.
7. Compliance & Regulatory Standards
7.1 Net Onboard aligns its cybersecurity framework with:
– ISO 27001 (Information Security Management System)
– NIST Cybersecurity Framework
– General Data Protection Regulation (GDPR) (if applicable)
– Malaysia’s Personal Data Protection Act (PDPA) 2010
7.2 Annual cybersecurity audits are conducted to ensure continued compliance.
8. User Responsibilities & Security Best Practices
8.1 Users must:
– Use strong, unique passwords for Net Onboard accounts.
– Enable Multi-Factor Authentication (MFA) for account protection.
– Avoid accessing services from public or unsecured networks.
– Report security concerns immediately to Net Onboard’s security team.
9. Data Breach Notification & Response
9.1 In case of a security breach affecting personal or business data:
– Net Onboard will assess the risk and contain the breach immediately.
– Users and regulatory authorities will be notified within 72 hours in accordance with PDPA & GDPR requirements.
– A full forensic investigation will be conducted to determine the breach source and corrective actions.
10. Governing Law & Dispute Resolution
10.1 This Cybersecurity Policy is governed by Malaysian law.
10.2 Any cybersecurity-related disputes will be resolved through negotiation and mediation before proceeding to arbitration or litigation.
11. Amendments & Updates
11.1 Net Onboard reserves the right to update this Cybersecurity Policy at any time.
11.2 Users will be notified of any material changes via email or system notifications.
For cybersecurity inquiries, contact [email protected].
© Net Onboard Sdn Bhd (796213-D)