Based on the branding of Unique Fire Holdings Berhad (a publicly listed fire protection equipment manufacturer and distributor in Malaysia), the subdomain it.uniquefire.com is typically designated for internal IT operations, an employee portal, or an external-facing IT service desk/B2B portal.
Below is a comprehensive Website IT and Cybersecurity Policy template tailored for https://it.uniquefire.com/. It is designed to comply with general corporate standards, the Malaysian Personal Data Protection Act (PDPA 2010), and standard cybersecurity frameworks.
WEBSITE IT & CYBERSECURITY POLICY
Domain: https://it.uniquefire.com/
Company: Unique Fire Holdings Berhad & Subsidiaries (the “Company”)
Effective Date: May 18, 2026
Version: 1.0
1. Purpose & Scope
The purpose of this policy is to define the rules, security measures, and acceptable use guidelines governing the https://it.uniquefire.com platform. This policy ensures the confidentiality, integrity, and availability of data hosted on or processed by this platform.
This policy applies to all users accessing this subdomain, including employees, contractors, third-party vendors, B2B partners, and system administrators.
2. Acceptable Use Policy (AUP)
Users accessing the IT portal must use the resources strictly for authorized business and administrative purposes.
- Prohibited Activities: Users shall not use the platform to upload, transmit, or host malicious software (viruses, malware, ransomware), perform vulnerability scanning without prior authorization, attempt unauthorized access (hacking), or bypass implemented security controls.
- Resource Misuse: Users must not use the platform to distribute spam, host unauthorized scripts, or execute bandwidth-heavy applications that intentionally degrade platform performance.
3. Access Control & Identity Management
To prevent unauthorized entry and protect proprietary corporate asset data:
- Authentication: All user accounts accessing restricted areas of
it.uniquefire.com must utilize strong authentication mechanisms. Passwords must meet corporate complexity standards (minimum length, special characters, alphanumeric blend).
- Multi-Factor Authentication (MFA): MFA is mandatory for all administrative and internal employee logins.
- Account Provisioning: Accounts are granted based on the Principle of Least Privilege (PoLP). Access is revoked immediately upon an employee’s termination or completion of a contractor’s assignment.
- Credential Sharing: Sharing of accounts, API keys, or access tokens is strictly prohibited.
4. Data Protection & Privacy (PDPA Compliance)
As a Malaysian entity, the platform adheres strictly to the Personal Data Protection Act 2010 (PDPA).
- Data Encryption: All data transmitted to and from
https://it.uniquefire.com must be encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS v1.3 preferred, minimum v1.2).
- Confidentiality: Systems operating on this subdomain that process inventory, engineering designs, client databases, or corporate assets must treat such data as “Strictly Confidential.”
- Log Retention: Access logs, security events, and audit trails must be safely archived for a minimum period dictated by regulatory compliance and corporate retention schedules.
5. System Integrity & Security Vulnerability Management
The IT department maintains strict oversight of the web infrastructure hosting this subdomain.
- Patch Management: The server operating systems, content management systems (CMS), databases, and dependencies running on the platform must be updated with security patches regularly.
- Vulnerability Assessments: Periodic automated vulnerability scanning and web application firewall (WAF) configurations must be maintained to defend against the OWASP Top 10 web vulnerabilities (e.g., SQL injection, Cross-Site Scripting).
- Backups: Regular, encrypted backups of the website code, configurations, and databases must be performed and tested for disaster recovery viability.
6. Incident Reporting & Breach Notification
- Reporting: If a user detects a security anomaly, unexpected system behavior, phishing attempts pointing to this domain, or a potential data leak, they must immediately escalate the issue to the IT Security Team via the designated ticketing tool or email at it.support@uniquefire.com (or your internal IT service desk address).
- Response Procedure: Upon a confirmed breach, the IT team will initiate the Corporate Incident Response Plan to isolate affected systems, minimize data loss, and satisfy necessary regulatory notification requirements.
7. Intellectual Property & Brand Protection
- All contents, graphics, source codes, proprietary scripts, and structural layouts on
https://it.uniquefire.com remain the sole intellectual property of Unique Fire Holdings Berhad.
- Unauthorized reproduction, reverse-engineering, or scraping of the platform’s tools and data is legally prohibited.
8. Enforcement & Penalties
Compliance with this policy is mandatory. Non-compliance, intentional system tampering, or negligence leading to a cyber security incident may result in:
- Immediate suspension or revocation of platform access.
- Disciplinary action up to and including termination of employment for internal staff.
- Legal action or termination of business contracts for third-party vendors and partners.
Disclaimer & Customization Advice
- If this portal acts primarily as a B2B/Ticketing Client Portal, ensure you append a specific SLA (Service Level Agreement) and liability clause regarding system uptime.
- If this portal collects user cookies, ensure a Cookie Consent Banner is active on the front-end to comply with modern data tracking regulations.