In a rapidly evolving technology environment, establishing clear technical policies is essential to protect digital assets, ensure information security and use technology responsibly. This policy applies to all employees, partners and contractors of Xylentis.
Cybersecurity
System and data security regulations
Passwords: Use strong passwords (minimum 12 characters, including uppercase, lowercase, numbers and special characters); do not share them or reuse them across systems.
Multi-factor Authentication (MFA): Mandatory 2FA for all critical systems (email, VPN, cloud, source control).
System Access: Apply the Least Privilege principle - only grant access necessary for the job.
Incident Reporting: Any suspected security incident must be reported immediately through designated security channels.
Software Updates: Ensure operating systems, software, and browsers are always updated with the latest security patches.
Responsible AI Use
Ethical guidelines for AI usage
Transparency: Must clearly disclose when AI is used in products/services that make decisions affecting users.
Data Privacy: Do not input customer data or confidential information into public AI tools (ChatGPT, Claude, Gemini...) without approval.
Output Review: Code and content generated by AI must be thoroughly reviewed before being incorporated into products.
Bias Avoidance: Evaluate and minimize bias in AI systems being developed.
Copyright Compliance: Do not use AI to create content that infringes on third-party copyrights or trademarks.
Intellectual Property (IP)
Protecting company intellectual assets
Source Code Security: Source code is company property, not to be shared or copied externally without approval.
Non-Disclosure Agreement (NDA): Sign NDA before accessing company or customer confidential information.
Invention Ownership: Inventions and patents created during employment belong to the company (per employment contract).
Software Use: Only use legally licensed software or open source with appropriate licenses.
Return Upon Departure: Return all documents, code and equipment upon contract termination. Do not retain copies.
Data Management
Data collection, storage, processing policies
Data Collection: Only collect necessary data with clear consent from data subjects.
Secure Storage: Sensitive data must be encrypted at rest and in transit.
Data Classification: Apply the classification system (Public, Internal, Confidential, Restricted) so that each class receives appropriate protective measures.
Processing and Deletion: Have procedures to handle requests to access, modify or delete personal data, as required by law.
Regulatory Compliance: Ensure compliance with regulations such as Decree 13/2023/ND-CP (Vietnam), GDPR (EU), CCPA (California) if applicable.
General Guidelines
- Do not install unapproved software on company devices.
- Do not connect personal devices to the internal network without VPN/controls.
- Always lock your screen when leaving your workstation.
- Do not use company email for personal purposes or external service registration.
- Report immediately if you discover phishing emails.
Contact IT Security
For security incidents or questions, please contact the IT Security team.