Data Backup & Chinese Wall Policy
A. Applicability of the Policy
This Data Backup, Storage and Security Policy (“Policy”) is adopted by Chiranjiv Capital Services Limited (“Company” / “CCSL”) and shall be applicable to every person associated with the Company in the business of merchant banking, including the Board of Directors, Key Managerial Personnel, employees, and all staff working in the Company.
The purpose of this Policy is:
- To ensure that the Company securely stores all data and information and can retrieve it when needed.
- To protect Company’s data by ensuring that it is handled and stored in a secure manner.
- To define the procedures and responsibilities for backing up Company’s data to ensure its availability in case of data loss.
B. The Policy
a) Company’s Data/Information Storage and Security
- All employees must ensure data is stored securely based on format and security classification. This protects against physical damage, degradation, loss, unauthorized access, and hacking.
- Client information and Company data must not be stored outside corporate systems (such as on PC hard drives, CDs, or personal media) unless authorized temporarily.
- All critical business data must be stored in two separate physical locations to protect against physical threats such as fire, flooding, magnetic interference, and extreme environmental conditions.
- Data no longer needed for operations and not required to be archived will be destroyed in a timely and secure manner.
- Physical access to information storage areas (file cabinets, server rooms) must be restricted and locked.
- Digital systems must be password-protected or encrypted, and access credentials must be updated periodically.
- Software installations on Company devices must be pre-approved in writing by the IT department.
- Periodic audits and reviews will be conducted to identify and rectify security vulnerabilities.
b) Data Backup Guidelines
Backup and maintenance of data are critical to the viability and operations of the Company. The backup aspects of our IT infrastructure are detailed below:
| Aspect | Details |
|---|---|
| Backup Schedule | Regular schedules must be maintained. Full backups are performed weekly, with incremental backups occurring daily. All backups are encrypted and stored in a secure, off-site location. |
| Roles & Responsibilities | The IT department is responsible for executing backups as scheduled. The department head ensures procedures are followed and reviewed. |
| 3-2-1 Backup Rule | At least 3 copies of data (original production and 2 backups). At least 2 different types of media (local disk, tape, or external disk). At least 1 backup copy stored off-site (cloud or remote site). |
| Backup Procedures | IT must use secure hardware/software. Data includes investor information, financial records, and operational data. |
| Data Retention | Retain all backup data for a minimum of five (5) years, or longer as required by law or industry regulations. |
| Disaster Recovery | In the event of data loss, the IT department shall follow the disaster recovery plan to restore data from the most recent backup copy. |
| Review & Testing | Annual review of policy and procedures. Quarterly testing of backup and restoration procedures to ensure effectiveness. |
The Company has adopted a Chinese Wall Policy to ensure strict segregation of sensitive information and to prevent any conflict of interest in the course of its Merchant Banking and related business activities.
Key Provisions:
- Information Barriers: Distinct functional areas are created to separate advisory, capital raising, and research activities, ensuring that Unpublished Price Sensitive Information (UPSI) does not flow across divisions.
- Access Control: Only authorized personnel on a “need-to-know” basis are permitted to access sensitive information, with role-based restrictions and monitoring in place.
- Physical & Electronic Safeguards: Separate workspaces, restricted IT permissions, and secure communication channels are maintained to uphold confidentiality.
- Compliance Oversight: The Compliance Officer monitors adherence to the Chinese Wall framework and records all instances where wall-crossing is permitted under regulatory approval.
- Fair Market Conduct: The Policy ensures that decisions regarding advisory, underwriting, or investment services are taken independently and free from influence of other business functions.
Through this mechanism, the Company ensures confidentiality, independence, and regulatory compliance, thereby protecting client interests and maintaining the integrity of capital markets. This policy is reviewed on an annual basis.