Cybersecurity Policy

1. Purpose

As an online training provider delivering proprietary and third-party content to clients, Teaching 4Business is committed to protecting:

• Client data
• Learner information
• Intellectual property
• Platform integrity

This Cybersecurity Policy establishes the framework for safeguarding digital systems and information assets.

 2. Scope

This policy applies to:

• All employees and contractors
• All IT systems and learning Management Systems(LMS)
• Cloud services, third-party integrations and third-party course providers 

3. Information Security Principles

We follow these core principles:

• Confidentiality – Information is accessible only to authorised individuals
• Integrity – Data is accurate and protected from unauthorised modification
• Availability – Systems and content remain accessible t oauthorised users

4. Data Protection & Privacy

We commit to:

• Complying with applicable data protection regulations (e.g., GDPR where applicable)
• Collecting only necessary personal data
• Using secure methods for data storage andtransmission
• Implementing data retention and secure deletionprocedures

Access to personal data is restricted to authorised personnel on a need-to-know basis.

 5. Access Control

• Unique user accounts are required for all staff
• Multi-factor authentication (MFA) is implemented where possible
• Administrative privileges are limited and monitored
• Access rights are reviewed periodically

 6. Secure Development & Content Management

For proprietary course development:

• Secure development practices are followed
• Platforms are regularly updated and patched
• Course content is protected from unauthorised copying or distribution

    For third-party course providers:

• Due diligence is conducted before onboarding
• Contracts include cybersecurity and data protection obligations
• Providersmust demonstrate appropriate security controls

 7. Network & Infrastructure Security

We implement:

• Firewalls and endpoint protection
• Encryption for data in transit (SSL/TLS)
• Regular vulnerability scanning and risk assessments
• Secure cloud hosting environments

 8. Incident Management

We maintain a documented incident response process that includes:

• Identification and containment of security incidents
• Internal reporting procedures
• Notification to affected clients and regulators where legally required
• Post-incident review and corrective actions

Employees must report suspected cybersecurity incidents immediately.

 9. Training & Awareness

All employees receive:

• Cybersecurity awareness training
• Guidance on phishing and social engineering risks
• Secure data handling procedures

 10. Business Continuity & Backup

We ensure:

• Regular data backups
• Secure backup storage
• Disasterrecovery procedures to restore services in a timely manner

 11. Compliance & Review

We commit to:

• Periodic security audits
• Risk assessments
• Annual policy review
• Continuous improvement of cybersecurity controls

Senior management holds overall responsibility for cybersecurity governance.

 ______________________________________________________________________________

Approval and Review Date

Approved By: Lee Wilkes

Date Approved 06.05.2020

Reviewed: 06.05.2022

Reviewed: 06.05.2024

‍