Security Training Policy

Effective Date: 30 June 2025

This Security Training Policy outlines Uzabiz’s approach to educating employees and contractors on information security responsibilities and best practices to ensure the protection of customer data and the integrity of our platform.

1. Purpose

The purpose of this policy is to ensure that all personnel understand and fulfill their responsibilities in safeguarding information assets and maintaining compliance with data protection regulations.

2. Scope

This policy applies to all employees, contractors, interns, and third-party service providers who access Uzabiz systems or handle sensitive data.

3. Training Program Overview

• New employees must complete security awareness training within 30 days of hire.
• Annual refresher courses are mandatory for all employees.
• Training covers topics such as:
  • Recognizing phishing and social engineering attacks
  • Proper password and credential management
  • Safe use of email, WhatsApp, and internal systems
  • Data privacy laws (e.g., GDPR, Kenya Data Protection Act)
  • Incident reporting and response

4. Records and Monitoring

Uzabiz maintains a record of all completed security training sessions. Completion is monitored and enforced by the HR and IT security teams.

5. Compliance

Failure to complete mandatory training may result in suspension of access privileges or disciplinary action in accordance with company policies.

6. Updates and Review

This policy is reviewed annually and updated as needed to reflect evolving security threats and regulatory requirements.

Contact

If you have questions about this policy or require additional training, contact us at compliance@uzabiz.africa.