Information Security Policy

Introduction

Information security is a fundamental responsibility of Adore Softex Solutions Inc. Appropriate security measures are maintained to help safeguard company information, customer information, software systems, and operational resources from unauthorized access, disclosure, modification, disruption, or destruction.

This policy applies to employees, contractors, consultants, vendors, and any individual who is granted authorized access to company systems or information.

Security controls are reviewed periodically to support business continuity, risk management, and evolving security requirements.

Acceptable Use Policy

Company systems, devices, applications, and network resources are provided for authorized business use and must be used responsibly.

• Users must protect login credentials and passwords.
• Unauthorized software installations are prohibited.
• Company resources must not be used for illegal, harmful, fraudulent, or abusive activities.
• Employees should exercise caution when opening email attachments or visiting unfamiliar websites.
• Any suspected security incident must be reported promptly.

Network Security

Adore Softex Solutions Inc maintains security controls intended to protect company networks, cloud resources, software platforms, and supporting infrastructure.

Access restrictions, authentication mechanisms, monitoring activities, and periodic security reviews may be used to strengthen protection against unauthorized access and cybersecurity threats.

Administrative access is restricted to authorized personnel and may require additional security verification measures.

Data Protection & Retention

Adore Softex Solutions Inc is committed to protecting customer, business, and operational information through appropriate technical and organizational safeguards.

Information collected through our products, services, websites, and support channels is handled according to legitimate business purposes and applicable privacy requirements.

Sensitive information is protected against unauthorized access, disclosure, alteration, misuse, or loss through security controls, access restrictions, monitoring, and administrative procedures.

Information is retained only for as long as reasonably necessary to support business operations, legal obligations, customer support, security investigations, and service improvement activities.

Information Classification

Information assets are classified according to their sensitivity and business impact to ensure appropriate protection measures are applied.

• Confidential Information – customer records, business information, internal systems, security information, and non-public operational data.
• Internal Information – information intended for authorized personnel and business use.
• Public Information – information approved for public release and distribution.

Access controls, storage requirements, and handling procedures are applied according to the classification level of the information involved.

Access Control & Authorized Access

Access to company systems, software platforms, administrative tools, and sensitive information is granted based on legitimate business requirements.

Access permissions are limited to the minimum level necessary for personnel to perform their assigned responsibilities.

• User accounts must be individually assigned.
• Passwords and authentication credentials must remain confidential.
• Administrative access is restricted to authorized personnel.
• Access rights may be reviewed, modified, or revoked when business requirements change.

Unauthorized attempts to access systems, applications, or data are prohibited.

Third-Party Service Providers

Adore Softex Solutions Inc may engage third-party vendors, service providers, cloud platforms, and technology partners to support business operations and service delivery.

Appropriate due diligence may be performed before engaging third-party providers that could have access to company systems, customer information, or operational resources.

Service providers are expected to maintain appropriate security measures consistent with the nature of the services provided.

Access provided to third parties is limited to authorized business purposes and may be monitored, restricted, or revoked when necessary.

Physical Security

Physical access to company facilities, equipment, systems, and information assets is controlled through appropriate security measures designed to prevent unauthorized access and protect business operations.

Visitors, contractors, and third-party personnel may be subject to identification, authorization, and supervision requirements when accessing company-controlled environments.

Company devices, storage media, and equipment containing business information should be protected against theft, damage, unauthorized access, and misuse.

Personnel are expected to secure devices, workstations, and information resources when left unattended and follow established security procedures regarding physical access.

Secure Data Transmission

Adore Softex Solutions Inc takes reasonable measures to protect information transmitted electronically between users, systems, applications, and authorized service providers.

Where appropriate, industry-standard encryption technologies and secure communication protocols may be used to help protect information during transmission.

Personnel are expected to avoid transmitting sensitive information through insecure channels and should follow established security procedures when sharing business information.

Access credentials, confidential information, and security-related data should only be shared through authorized and secure communication methods.

Data Retention & Secure Disposal

Information is retained only for legitimate business, operational, legal, security, and customer-support purposes.

When information is no longer required, reasonable measures are taken to securely delete, destroy, anonymize, or otherwise render the information inaccessible.

Electronic data, storage media, documents, and equipment containing business information should be disposed of using appropriate procedures designed to reduce the risk of unauthorized access.

Disposal procedures are periodically reviewed to support responsible information lifecycle management.

Security Awareness & Incident Response

Security awareness is an important component of Adore Softex Solutions Inc's information security program.

Personnel may receive periodic guidance, training, policy updates, and awareness communications regarding cybersecurity threats, information protection, privacy practices, and responsible use of company resources.

Suspected security incidents, unauthorized access attempts, data exposure events, malware activity, phishing attempts, or other security concerns should be reported promptly through established reporting channels.

Reported incidents may be investigated, documented, contained, and reviewed to help reduce potential impact and improve future security controls.

Security policies, procedures, and controls may be reviewed periodically to support ongoing risk management and operational improvement.

Security Incident Management

Adore Softex Solutions Inc maintains procedures for identifying, reporting, assessing, responding to, and documenting information security incidents that may impact company systems, services, personnel, or information assets.

Security incidents may include unauthorized access attempts, malware infections, phishing attacks, credential compromise, system vulnerabilities, service disruptions, or suspected data exposure events.

Personnel are expected to promptly report any suspected security incident through established internal reporting channels so appropriate actions can be initiated without unnecessary delay.

Upon notification, authorized personnel may investigate the incident, assess potential impact, contain affected systems, preserve relevant evidence, and implement corrective actions where appropriate.

Following resolution, incidents may be reviewed to identify lessons learned, strengthen controls, and reduce the likelihood of future occurrences.

Security Reporting & Escalation

Adore Softex Solutions Inc maintains an escalation process for security-related events based on the nature, severity, and potential business impact of an incident.

Security events may be reviewed by authorized management personnel, technical staff, legal advisors, compliance personnel, and other stakeholders as necessary.

Where required by applicable laws, regulations, contractual obligations, or legitimate business requirements, affected parties and relevant authorities may be notified of security incidents.

Incident records may be maintained for investigation, auditing, compliance, operational improvement, and risk-management purposes.

Security Governance & Continuous Improvement

Information security is an ongoing process that requires continuous evaluation, monitoring, and improvement.

Adore Softex Solutions Inc periodically reviews security policies, procedures, technologies, and operational practices to address evolving threats, business requirements, and regulatory expectations.

Risk assessments, internal reviews, employee awareness initiatives, and security monitoring activities may be conducted to support the effectiveness of the organization's security program.

Security controls may be updated as technology, business operations, or risk conditions change.

User Account Management

Access to company systems, applications, and information resources is managed through formal authorization procedures.

User accounts may be created, modified, suspended, or removed based on employment status, business requirements, job responsibilities, and operational needs.

Each authorized user is assigned an individual account to help maintain accountability and support security monitoring activities.

• User accounts should be uniquely assigned and not shared between individuals.
• Access requests should be approved by authorized personnel.
• Access rights may be adjusted when roles or responsibilities change.
• Access may be revoked promptly upon termination, resignation, or completion of authorized work.

Periodic reviews may be performed to ensure access permissions remain appropriate and aligned with current business requirements.

Authentication & Access Governance

Adore Softex Solutions Inc maintains authentication and access-control measures designed to help protect company systems, applications, and information assets.

Access rights are granted according to the principles of least privilege and legitimate business need.

• Users are responsible for protecting account credentials and authentication information.
• Strong password practices and authentication controls may be enforced where appropriate.
• Administrative privileges are restricted to authorized personnel with approved business needs.
• Remote access capabilities may be subject to additional authorization and security controls.
• Access permissions may be reviewed periodically to support ongoing security and compliance efforts.

Unauthorized attempts to gain access to systems, applications, networks, or information resources are prohibited and may result in disciplinary, contractual, or legal action where applicable.

Policy Review & Maintenance

Adore Softex Solutions Inc periodically reviews and updates its information security policies, procedures, and operational controls to reflect evolving technology, business requirements, regulatory obligations, and emerging security risks.

Security policies may be revised when significant changes occur within the organization's systems, infrastructure, services, vendors, or operational processes.

Employees, contractors, and authorized personnel may be required to follow applicable security requirements and acknowledge their responsibilities regarding the protection of company information and customer data.

The most current version of this Information Security Policy supersedes any previous versions and remains subject to periodic review.