Cybersecurity Policy

Effective Date: April 2025

VDC.cloud is dedicated to maintaining the highest standards of cybersecurity in delivering cloud consultancy services. This Cybersecurity Policy defines the framework for securing our digital assets, customer data, and operational systems.

1. Purpose

The purpose of this policy is to ensure that all data handled by VDC.cloud is protected from cyber threats, unauthorised access, and other security risks that could compromise confidentiality, integrity, or availability.

2. Scope

This policy applies to all employees, contractors, consultants, and third-party service providers who access VDC.cloud systems or handle client information.

3. Security Objectives

  • Protect client and internal data across all services
  • Prevent and detect cybersecurity threats
  • Maintain compliance with industry best practices and regulations
  • Support secure project delivery and managed services

4. Core Security Areas

a. Network and Infrastructure Security

  • Deploy secure configurations for all cloud environments
  • Use firewalls, intrusion detection/prevention systems (IDS/IPS), and Zero Trust segmentation
  • Regularly audit access control and identity management systems

b. Endpoint and Application Security

  • Use Microsoft Defender for Business, Google Workspace, and other advanced threat protection tools
  • Keep software and firmware up to date
  • Enforce least privilege access and application whitelisting

c. Data Security

  • Encrypt data in transit and at rest
  • Use secure SaaS backup solutions for Microsoft 365 and Google Workspace environments
  • Monitor and restrict access to sensitive data

d. Security Monitoring and Incident Response

  • Use SIEM tools for proactive monitoring
  • Maintain an incident response plan for detection, containment, and recovery
  • Report and document all security incidents within 24 hours of discovery

e. User Awareness and Training

  • Provide ongoing security training and best practices for all employees
  • Conduct regular phishing simulations and security drills
  • Require strong, unique passwords with MFA across all accounts

5. Vendor and Partner Management

  • Vet all third-party service providers for cybersecurity compliance
  • Sign data protection agreements with vendors handling sensitive information

6. Compliance

VDC.cloud adheres to applicable security frameworks and regulatory requirements, including:

  • Cyber Essentials
  • ISO/IEC 27001 principles
  • ISO/IEC 27002 principles
  • UK GDPR and Data Protection Act 2018
  • Relevant cloud and data handling standards for industries we serve

7. Enforcement

Any breach of this policy may result in disciplinary action, including termination of access or contracts. VDC.cloud reserves the right to investigate suspected violations.

8. Review and Updates

This policy will be reviewed annually or in response to major changes in operations, the threat landscape, or applicable regulations.

9. Contact

For any questions or to report a cybersecurity concern, please contact (depending on your location):

Cybersecurity Officer

  • VDC.cloud Professional Services Ltd (London, United Kingdom)
  • VDC.cloud Professional Services Asia Pte. Ltd. (Singapore)

Submit a policy enquiry:

Website: https://vdc.cloud

By following this Cybersecurity Policy, VDC.cloud demonstrates its commitment to protecting clients and maintaining a secure and resilient digital environment.