Acceptable Use Policy
Defines acceptable use of equipment and computing services to protect organizational resources and proprietary information
Board-approved organizational commitments. Each Policy states what the organization commits to — the how lives in the companion Standards and SOPs.
Policies are reviewed annually. Operational changes are absorbed by updating the corresponding Standard — no Board re-approval required for those.
See Policy → Standard → Implementation for the layering rationale.
| Policy | Description |
|---|---|
| Acceptable Use Policy (POL-001) | Acceptable use of equipment and computing services |
| Business Continuity Policy (POL-002) | Maintains business operations during disruption |
| Change Management Policy (POL-003) | Feature requests, requirements, and development lifecycle governance |
| Clean Desk Policy (POL-004) | Secure workspace requirements |
| Cyber Crisis Management Plan Policy (POL-005) | Crisis identification, response, recovery |
| Cyber Risk Management Policy (POL-006) | Risk identification, assessment, treatment framework |
| Cyber Security and Cyber Resilience Policy (POL-007) | SEBI-aligned umbrella cyber framework |
| Data Breach Response Policy (POL-008) | Breach response procedures |
| Data Classification and Handling Policy (POL-009) | How data is classified and handled by sensitivity |
| Data Retention & Disposal Policy (POL-010) | Retention periods and secure disposal |
| Disaster Recovery Policy (POL-012) | DR planning requirements |
| Exception Management Policy (POL-013) | Requesting, approving, reviewing policy exceptions |
| IT Rules 2021 Compliance Policy (POL-014) | Grievance handling, takedown, user notification |
| Mobile Device Security Policy (POL-015) | Mobile device access to organizational data |
| Password Protection Policy (POL-017) | Password creation, protection, management |
| Privileged Access Management Policy (POL-018) | Privileged account tiers, provisioning, reviews |
| Security Awareness Training Policy (POL-025) | Mandatory onboarding + annual training, phishing drills |
| Third-Party & Vendor Management (POL-022) | Vendor registry, risk, onboarding, offboarding |

| Policy | Description |
|---|---|
| Network Segmentation Policy (POL-016) | Cloud, office, remote access network isolation |
| Remote Access Policy (POL-019) | Secure remote network access requirements |
| Wireless Communication Policy (POL-024) | Wireless infrastructure standards |

| Policy | Description |
|---|---|
| Database Credentials Coding Policy (POL-011) | Secure storage of database credentials |
| Server Security Policy (POL-020) | Server configuration and security standards |
| Technology Equipment Disposal Policy (POL-021) | Secure disposal of hardware |
| Web Application Security Policy (POL-023) | Web application security assessments |
For questions, contact the Security Team at security@wealthy.in.
Ensures reliable delivery of services and maintains business operations during adverse situations and disruption events
Wealthy’s commitment to managing change — feature requests, enhancements, and operational updates — through a documented, reviewed, and tracked process.
Requirements for maintaining a clean desk to protect sensitive information and secure workspaces
Framework for identifying, assessing, and managing cybersecurity risks across the organization
Comprehensive cyber security and cyber resilience framework per SEBI regulatory requirements
Defines structured approach for requesting, approving, documenting, and reviewing exceptions to organizational policies and standards
Defines procedures and responsibilities for identifying, responding to, managing, and recovering from cybersecurity incidents
Compliance with Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
Defines procedures for responding to data breaches, exposures, and security incidents
Requirements for using mobile devices to access organizational data including company-owned and personal devices
Requirements for securely storing and retrieving database credentials in applications
Wealthy’s commitment to managing third-party and vendor risk — assessment, contracts, monitoring, offboarding.
Requirements for retaining organizational data and ensuring secure disposal when no longer needed.
Simple guide to classifying and handling data based on sensitivity.
Controls for managing and securing privileged access to Wealthy’s systems.
Guidelines for network segmentation across cloud, office, and remote access infrastructure.
Wealthy’s commitment to ongoing security awareness training — onboarding, annual refresher, phishing drills, role-specific modules.
Requirements for developing and implementing IT disaster recovery plans
Standards for password creation, protection, and management
Requirements for secure remote access to the corporate network
Standards for server configuration and security within the production network
Guidelines for secure disposal of technology equipment and storage media
Requirements for web application security assessments and guidelines
Standards for wireless infrastructure and secure wireless connectivity