1. Introduction This Cybersecurity Policy outlines the principles and guidelines governing the protection of Culture Automotive information assets and systems from cyber threats. It establishes the framework for safeguarding sensitive data, maintaining the integrity of IT infrastructure, and mitigating cybersecurity risks to ensure the confidentiality, availability, and integrity of information. 
2. Scope This policy applies to all employees, contractors, suppliers, and stakeholders who access, use, or manage Culture Automotive information systems, networks, and data resources. It encompasses all devices, applications, and platforms owned, leased, or operated by Culture Automotive, regardless of location. 
3. Security Responsibilities • All employees are responsible for safeguarding Culture Automotive information assets and complying with cybersecurity policies, procedures, and guidelines. • Managers and supervisors are accountable for enforcing cybersecurity policies within their respective teams and ensuring staff members receive appropriate training and resources to fulfil their security responsibilities. • The IT department is responsible for implementing and maintaining security controls, monitoring network activity, and responding to security incidents promptly. 
4. Access Control • Access to Culture Automotive information systems and data resources shall be granted based on the principle of least privilege, ensuring that individuals have only the access necessary to perform their job functions. • User accounts shall be provisioned, managed, and deactivated promptly in accordance with established procedures, including regular reviews of access privileges. 
5. Information Protection • Confidential and sensitive information shall be classified, labelled, and handled in accordance with Culture Automotive data classification policy. • Encryption shall be employed to protect data both in transit and at rest, particularly for sensitive information stored on portable devices or transmitted over public networks. 
6. Network Security • Firewalls, intrusion detection/prevention systems, and other network security controls shall be implemented to protect Culture Automotive network infrastructure from unauthorized access, malicious activities, and denial-of-service attacks. • Wi-Fi networks shall be secured using encryption protocols and access controls to prevent unauthorized access. 
7. Endpoint Security • All endpoints (e.g., laptops, desktops, mobile devices) shall be equipped with up-to-date antivirus/antimalware software and configured to receive regular security updates and patches. • Endpoint security measures such as device encryption, remote wipe capabilities, and application whitelisting shall be implemented to protect against data breaches and unauthorized access. 
8. Incident Response • An incident response plan shall be developed, documented, and periodically tested to ensure an effective and coordinated response to cybersecurity incidents. • Security incidents, breaches, or suspicious activities shall be reported promptly to the IT department or designated security personnel for investigation and remediation. 
9. Employee Awareness and Training • All employees shall receive cybersecurity awareness training upon onboarding and periodically thereafter to stay informed about emerging threats, security best practices, and Culture Automotive cybersecurity policies. • Phishing simulations and other awareness activities shall be conducted to educate employees about social engineering attacks and encourage vigilant behaviour. 
10. Compliance and Review • Compliance with this Cybersecurity Policy shall be regularly audited and reviewed to ensure alignment with industry standards, regulatory requirements, and best practices. • Updates and revisions to the policy shall be approved by the designated authority and communicated to all relevant stakeholders. 
11. Conclusion This Cybersecurity Policy underscores [Company Name]'s commitment to protecting its information assets and systems from cyber threats. By adhering to the principles and guidelines outlined herein, we can strengthen our cybersecurity posture, mitigate risks, and safeguard the confidentiality, integrity, and availability of information assets. 

This policy shall be communicated to all employees, contractors, and stakeholders and made available through Culture Automotive internal channels. Compliance with this policy is mandatory, and violations may result in disciplinary action, legal consequences, or termination of employment or contractual relationships.