At TrueLedger Consulting, data security is not just a compliance requirement—it’s our commitment to client trust and operational integrity. We take extensive measures to safeguard all confidential data shared with us and ensure that our internal systems and processes meet international security standards.

Purpose

We understand the responsibility of handling sensitive financial data. Our security policy sets the standards for securing devices, networks, and information systems that interact with our infrastructure. It aims to prevent unauthorized access, ensure business continuity, and maintain client confidentiality.

Scope

This policy applies to all data, systems, users, and digital infrastructure associated with TrueLedger Consulting and its clients.

Core Security Principles

Information Security

We maintain the confidentiality, integrity, and availability of all information assets. Security controls are tailored to the sensitivity of the data, ensuring a cost-effective yet robust protection layer.

Access Control

  • Access is role-based and granted only on a need-to-know basis.
  • Quarterly audits ensure accurate access permissions.
  • Restricted data is reviewed with additional frequency.

User Access Management

  • Only authorized personnel can manage user accounts.
  • Centralized control of company devices.
  • USB ports are blocked; external storage and email access are restricted unless approved.
  • Failed login attempts are locked after six tries.
  • Password sharing is strictly prohibited.

Email Security

  • Emails must be handled cautiously—especially when using auto-complete or reply-all features.
  • Attachments over 10 MB are discouraged.
  • Sensitive data is only sent via encrypted files.
  • Users must avoid sending plain-text sensitive information.

Identity & Authorization

Each team member is assigned a unique ID with secure credentials. These must not be shared under any circumstance.

Password Policy

  • Passwords must follow industry best practices in complexity and renewal.
  • Never written down or stored unencrypted.
  • Use of default or shared passwords is strictly forbidden.

Antivirus & Patch Management

  • All systems are routinely updated with antivirus and critical patches.
  • Regular scans and updates help prevent malware, data breaches, or functionality issues.

Asset Management

We maintain a comprehensive inventory of all IT assets, including:

  • Device listings with ownership identification.
  • Contact information of the asset owners.
  • Real-time updates as changes occur.

Disaster Recovery

We have a tested Disaster Recovery Plan (DRP) to ensure continuity in service during unexpected interruptions. Critical systems are prioritized for restoration.

Physical Security

Our physical office space is equipped with:

  • 24/7 CCTV surveillance.
  • On-site security personnel.
  • Fire and safety systems.

Incident Response

Our approach to security incidents includes:

  1. Preparation – Staff are trained for rapid response.
  2. Identification – Classify incidents by urgency.
  3. Containment – Isolate affected systems.
  4. Neutralization – Eliminate threats & investigate root cause.
  5. Recovery – Restore services.
  6. Lessons Learned – Refine processes post-incident.

User Responsibilities

Users Must:

  • Lock/log off systems when unattended.
  • Report lost devices or suspicious activities immediately.
  • Complete mandatory privacy & security training.
  • Use systems only for business purposes.
  • Follow the “Clean Desk, Clean Screen” policy.

Users Must Not:

  • Install unauthorized software or download from untrusted sources.
  • Copy/store client data on removable media.
  • Share or expose client data on public or social platforms.
  • Use TrueLedger systems for illegal or unethical activities.
  • Introduce malware or disrupt network security.

Your Trust. Our Responsibility.

We treat every piece of information you entrust us with as critically important. Our commitment to data security isn’t optional—it’s integral to how we operate.

Scroll to Top
CHAT