Security Policy

United Ceres College (UCC) is committed to protecting the confidentiality, integrity, and availability of information entrusted to us. This Security Policy describes the general principles and measures applied to safeguard information, systems, and digital services used by students, staff, partners, and website visitors.

1. Scope

This policy applies to UCC’s websites, online services, information systems, and digital platforms, including information processed directly by UCC or on its behalf by authorised service providers.

2. Information Security Governance

UCC maintains an information security governance framework designed to identify, assess, and manage security risks. Roles and responsibilities are defined to ensure that security measures are implemented, monitored, and reviewed in a structured and accountable manner.

3. Protection of Information

Reasonable administrative, technical, and organisational safeguards are implemented to protect information against unauthorised access, loss, misuse, alteration, or disclosure. These safeguards include access controls, secure system configurations, monitoring, and appropriate use of encryption technologies where necessary.

4. Personal Data Protection

Personal data is handled in accordance with the Personal Data Protection Act 2012 (PDPA). Security measures are applied throughout the data lifecycle, including collection, use, storage, transmission, and disposal, to protect personal data from unauthorised access or disclosure.

For more information, please refer to United Ceres College’s Personal Data Protection Policy: 
https://unitedceres.edu.sg/personal-data-protection/ 

5. Website Data and System Logs

To operate and secure our digital services, UCC may collect technical information such as IP addresses, device or browser information, access timestamps, and system logs. This information is used for security monitoring, troubleshooting, and service improvement purposes, in accordance with applicable laws and policies.

6. System and Network Security

UCC applies safeguards to protect its systems and networks from security threats such as unauthorised access, malware, and service disruption. System performance and capacity are monitored to support availability, resilience, and secure access to services.

7. Incident Management

Information security incidents, including suspected data breaches or system compromises, are managed through defined response processes. Incidents are assessed, contained, investigated, and addressed in a timely manner to minimise impact and reduce the risk of recurrence.

8. Third-Party and Service Provider Security

Where third-party service providers are engaged, reasonable steps are taken to ensure that appropriate security measures are in place. Access to UCC systems or data is limited to what is necessary for service delivery and is subject to contractual and security requirements.

9. Cross-Border Data Processing

Where information is processed or stored outside Singapore, UCC takes reasonable steps to ensure that such processing provides a standard of protection comparable to the PDPA, including the use of contractual and technical safeguards.

10. User Responsibilities

Users are responsible for taking reasonable measures to protect their own devices and access credentials. This includes keeping login details confidential, using strong passwords, and notifying UCC promptly if unauthorised access or suspicious activity is suspected.

11. Vulnerability Reporting

If you believe you have identified a security vulnerability affecting UCC systems or services, please report it responsibly by contacting us at the email address below. Please provide sufficient details to allow investigation and avoid public disclosure until UCC has had a reasonable opportunity to respond.

12. Continuous Improvement

UCC regularly reviews and improves its security practices based on risk assessments, audits, technological developments, and regulatory changes. Security awareness and accountability are promoted across the organisation to support continual improvement.

13. Limitations

While UCC takes reasonable steps to protect information and systems, no method of electronic transmission or storage is completely secure. UCC cannot guarantee absolute security against all threats, particularly those beyond its reasonable control.

14. Enquiries and Contact

For security-related enquiries or concerns, please contact: 
Email: [email protected]