Data Security Policy in Persian Computer Highway Company Objective: The goal of Data Security is to ensure the company’s customers’ information is kept confidential by anticipating and minimizing the security breawks. Maximum 10 security breaks reported by the customers and 50 security breaks reported by the staff are acceptable during one year. Policy: The goal of this policy is to protect the company’s data from threats, whether internal or external, knowingly or unknowingly. It is the company’s policy that guarantees the following: 1- The information is protected from unauthorized access. 2- The information is guaranteed to be kept confidential. 3- The integration of information will be ensured. 4- Information security training will be accessible to all employees. 5- The legal requirements, contractual security codes and obligations will be complied with. 6- All the breaks into the Data Security, either occurred or suspicious, will be reported to and addressed by the information security management. 7- Information security is improved regularly over the time. 8- Business continuity plan will be prepared, kept and evaluated. Standards will be developed to support the policy. These standards include virus control, passwords, encryptions, etc. Acceptance of the recognized risks, shall be recognized according to the executive method for recognition and analysis of the risks. It is the managing director’s responsibility and role to administer the data security. Managing director shall be directly responsible for preserving the policy, consulting and guiding the implementation of the policy . All the managers are directly responsible for implementing the policy within their business unit and they shall be responsible for their staff’s compliance with the policy . All company’s personnel are obliged to comply with the policy. The policy and the scope of data security management system is reviewed annually by the management’s review meetings. The necessary information is provided for third parties through the website: www.pch.ir