ADAPT Global Ltd. Cyber Security Policy

Effective Date: June 18, 2025

1. Introduction and Purpose

At ADAPT Global Ltd., we recognize that safeguarding our digital assets and maintaining data integrity are paramount. This Cyber Security Policy outlines our commitment to protecting information, ensuring the security of our systems, and upholding the privacy of our data. This policy applies to all employees, contractors, and any parties accessing ADAPT Global Ltd. systems and data.

2. Digital Identity Management

Effective management of digital identities is a cornerstone of our security posture.

  • Azure Entra ID: Digital identities are primarily managed within Azure Entra ID. This platform is used for provisioning users and assigning appropriate user attributes based on their roles.
  • Account Disablement and Removal: Upon an employee’s departure, their account is immediately disabled from sign-in and subsequently removed to prevent unauthorized access.
  • Identity Protection: We have Azure Entra ID Identity Protection deployed to detect and remediate identity-based risks. This system leverages machine learning to identify suspicious activities such as anomalous sign-ins (e.g., from unfamiliar locations or infected devices), leaked credentials, and brute-force attacks. Automated responses, including requiring Multi-Factor Authentication (MFA) or blocking sign-ins, are configured to mitigate risks in real time.

Multi-Factor Authentication (MFA)

  • Mandatory MFA: Multi-Factor Authentication (MFA) is a standard and mandatory security measure deployed across our systems. We utilize the Microsoft Authenticator Application.

Single Sign-On (SSO)

  • SSO Support: We provide Single Sign-On (SSO) capabilities using Azure Entra ID to streamline user access and enhance security.
  • Supported Protocols: We support SAML for traditional applications, OAuth/OpenID Connect for modern web/mobile applications, and leverage the Microsoft Graph API for seamless identity integration and automation.

Provisioning Digital Identities

  • Automated Provisioning (SCIM): While manual provisioning is available for specific cases, we strongly support automated provisioning, particularly using SCIM (System for Cross-domain Identity Management). This allows for efficient deployment and scaling of automated creation, updates, and de-provisioning of user identities across connected applications, ensuring accuracy and security at speed.

3. Cyber Security Training and Awareness

A well-informed team is critical to our cyber defense strategy.

  • IT Onboarding: All employees receive an IT onboarding session that identifies and outlines common cyber threats.
  • Continuous Awareness: We maintain continuous staff awareness of identified threats or approaches. This information is communicated company-wide to all staff through a business WhatsApp group.
  • Reporting Suspicious Activity: Suspicious activity is reported to lee@adapt.mobi, who manages IT.

4. Endpoint Security and Protection

We implement a multi-layered approach to endpoint security.

  • On-Device Threat Prevention: Norton Antivirus for Business provides robust on-device threat prevention for all endpoints.
  • Network-Level Defense: This is significantly enhanced by our use of Cisco Meraki networking, which offers centralized visibility and control over all connected devices. Meraki’s integrated security features, including advanced firewalls and intrusion prevention, provide a crucial network-level defense, detecting and blocking threats before they reach the endpoint.

5. Data Backup Policy and Frequency

Our data backup strategy primarily leverages Microsoft’s robust native capabilities for data residing within Microsoft SharePoint (as part of our Office 365 environment).

  • Microsoft’s Native Capabilities:
    • Continuous Data Replication: Data is continuously replicated across multiple data centers for high availability and disaster recovery.
    • Geo-Redundancy: Data is stored in physically separate locations to protect against regional outages.
  • Internal Policy Complements:
    • Version History: SharePoint’s built-in versioning allows for the recovery of previous document versions.
    • Recycle Bin Retention: Items deleted by users are retained in the Recycle Bin for a significant period (typically 93 days), enabling self-service recovery.

6. International Standards and Certifications

  • Current Initiatives: We are actively working towards ISO 9001 and ISO 14001 management system certifications. Tarryn from our team is managing this process.

7. 24/7 Information Security Monitoring Practices

We maintain continuous monitoring of our information security landscape.

  • Microsoft Azure Security Solutions: Our core monitoring is anchored in Microsoft’s advanced security suite, including Azure Sentinel (our Security Information and Event Management/SIEM platform) and Microsoft Defender for Cloud. These solutions provide real-time visibility and analytics across our cloud infrastructure, applications, and identities within our Office 365 environment, enabling sophisticated threat detection and automated responses.
  • Cisco Meraki Networking: Our Cisco Meraki infrastructure provides crucial network-level security monitoring. It delivers real-time insights into network traffic, device behavior, and firewall logs, allowing us to identify and address network anomalies and potential intrusions swiftly.
  • Endpoint Protection: This is complemented by our endpoint protection platform, Norton Antivirus for Business, which provides critical telemetry from individual devices.
  • Security Operations Team: Our security operations team monitors alerts generated by these systems around the clock.

8. Cyber Insurance and Data Protection Compliance

  • Information Commissioner’s Office (ICO): We pay the Information Commissioner’s Office (ICO) fee, demonstrating our commitment to data protection.
  • Legal Compliance: We fully comply with the Data Protection Act and UK GDPR.

9. Incident Response Procedure

We have established clear procedures for managing cyber security incidents.

  • Privacy Policy: As described in our privacy policy (https://www.adapt.mobi/privacy-policy/), we have put in place procedures to deal with any suspected personal data breach.
  • Notification: We will notify the impacted party and any applicable regulator of a breach, such as the ICO, where we are legally required to do so.

Service Level Agreements (SLAs) for Cyber Security Incidents

For Critical and High-Severity Incidents (e.g., active breaches, major service disruption):

  • Detection: Leveraging our 24/7 security monitoring, our SLA for detection is near-instantaneous upon the system identifying an anomaly.
  • Initial Response & Containment: We commit to initiating our incident response protocols and beginning containment efforts within minutes of a confirmed critical incident.
  • Resolution & Recovery: Our Microsoft, Cisco, and Norton support maintenance packages give ADAPT the vendor support to eradicate the threat and restore affected services as quickly as possible, minimizing any operational disruption.

Contact Points for Incidents

In the event of a cyber security incident or personal data incident/breach, please contact:

  • Lee Morgan: lee@adapt.mobi (+447929656198)
  • Privacy Team: privacy@adapt.mobi