Information Security Policy

1. Purpose

This Policy outlines the measures adopted by Ojusvi Goodhealth Private Limited to protect information assets and ensure data security.

2. Scope

• Employees, contractors, and vendors
• All systems, applications, and data handled by the Company

3. Security Principles

• Confidentiality: Access to data is restricted to authorized individuals.
• Integrity: Data is protected from unauthorized alteration.
• Availability: Systems are maintained to ensure reliable access.

4. Security Measures

• Encryption of sensitive data
• Secure authentication and access controls
• Role-based access restrictions
• Regular security testing and audits

5. Incident Management

• Security incidents are promptly identified, logged, and investigated.
• Data breaches are handled in accordance with applicable laws (including the DPDP Act, 2023).
• Appropriate corrective actions are taken.

6. Third-Party Security

• Vendors are required to comply with contractual data protection and confidentiality obligations.
• Data sharing is limited to what is necessary for service delivery.

7. Employee Responsibility

• Maintain confidentiality of data
• Follow internal security practices
• Report any security concerns immediately

8. Continuous Improvement

Security practices are regularly reviewed and updated based on evolving risks and regulatory requirements.