ANCHOR TELECOMS POLICY

ANCHOR TELECOMS POLICY (ATNL-IMS-POL-005-R00)

SECTION 1: INTEGRATED QUALITY, OCCUPATIONAL HEALTH & SAFETY AND INFORMATION SECURITY POLICY (QHSEIS)

ANCHOR TELECOMS NIGERIA LIMITED (ATNL) is committed to the quality of its Telecoms services & servicing, protecting the health & safety of people & environment and preserving the confidentiality, integrity & availability of stakeholders’ information supplied by, generated by, and held on behalf of the organization.

We are also committed to:

  • Fulfillment of all legal, statutory and other requirements (including ISO 9001:2015, ISO 45001:2018 & ISO 27001:2022) to which ATNL subscribes that relates to its QHSEIS issues and that are relevant to its context.
  • Establishing, updating, and communicating objectives and measurable targets to drive and demonstrate continuous improvement and efficiency of the measures implemented to lower risks.
  • Identifies and evaluates all risks and performs appropriate measures to eliminate hazards and lower QHSEIS risks to acceptable levels.
  • Continual improvement of our QHSEIS through customer satisfaction feedback, QHSEIS non-conformances elimination, risk assessment & treatment strategies to enhance our QHSEIS Performance.
  • Provide resources, contingency plans, and recover from any emergency, crisis and business disruption.
  • Ensuring the confidentiality, integrity, and availability of information to protect against unauthorized access, loss, or corruption.
  • Consultation and participation of workers, and where they exist, workers’ representatives, in the decision-making processes regarding the QHSEIS management system.

This policy provides a framework for setting measurable QHSEIS objectives, implemented, maintained and continually reviewed for suitability, effectiveness and compatible with the strategic direction, reviewed during management review meetings.

The Managing Director is responsible for ensuring that this policy statement is communicated, understood, and applied within the organization and is available to relevant interested parties, as appropriate.

All employees have the responsibility to apply the intent of the policy to assigned tasks.

SECTION 1.1: PRIVACY, DATA PROTECTION & COOKIE POLICY

1.1.1 General Overview & Purpose
This policy governs how Anchor Telecoms continuously collects, processes, and protects the Personally Identifiable Information (PII) of our clients, employees, website visitors, and vendors. We treat all personal data with strict confidentiality in accordance with statutory data protection regulations (e.g., Nigeria Data Protection Act – NDPA) and this privacy policy.

1.1.2 Notice Concerning the Responsible Party
The party responsible for processing data is Anchor Telecoms (MD/CEO & Management Representative). The responsible party decides on the purposes and means of processing personal data (names, email addresses, network logs, etc.) to ensure the proper functioning of telecom services, fiber implementation, and SLAs.

1.1.3 Data Collection on Our Platforms

  • Customer and Contract Data: We continuously collect, process, and use personal data (Master Data) only insofar as it is necessary to establish or modify legal relationships with clients and vendors. This includes data required to provision Enterprise Connectivity or manage Service Level Agreements.
  • Server Log Files: Our IT systems automatically collect technical data when you use our website or Omaasshield portals (Browser type, OS, Referrer URL, Hostname, Time of request, IP address). This ensures optimized, error-free service provision.
  • Contact Forms: Data entered into web forms or physical visitor logs is collected solely to answer inquiries and maintain physical site security.

1.1.4 Data Security & Encrypted Communications

  • Complete protection of data is prioritized. All payment transactions and transmission of sensitive client network designs utilize encrypted SSL/TLS connections (recognized by “https://”).
  • Digital PII is securely stored within our Google Workspace infrastructure with strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) enforced.
  • Hard copies of employee data or vendor NDAs are continuously secured in locked physical cabinets managed by the Admin Department.

1.1.5 Third-Party Data Transfer & Supplier Relationships
Anchor Telecoms transmits personally identifiable data to third parties only to the extent required to fulfill the terms of your contract (e.g., to banks processing payments or ISPs entrusted to deliver bandwidth). Data is never disclosed to third parties for advertising purposes. All third parties are continuously vetted and bound by strict Non-Disclosure Agreements (NDAs).

1.1.6 Analytics and Tracking (Cookie Policy)
Our platforms utilize cookies to make our website user-friendly, efficient, and secure.

  • Session Cookies: Most are “session cookies” deleted after your visit.
  • Analytics Cookies: We utilize anonymized analytics tools to analyze usage behavior to optimize our services. IP addresses are anonymized before storage.
  • User Control: Users may configure their browsers to reject cookies or utilize opt-out mechanisms. Continuing to use our platforms implies consent to our cookie management.

1.1.7 Data Subject Rights (Information, Blocking, Deletion)
In compliance with the NDPA, all stakeholders have the continuous right to:

  • Information & Access: Request information free of charge about stored personal data, its origin, and the purpose of processing.
  • Correction & Deletion: Request that data be corrected, blocked, or securely deleted once business or legal retention periods expire.
  • Revocation of Consent: Revoke consent for data processing at any time via an informal email request.
  • Data Portability: Have data delivered to themselves or a third party in a standard, machine-readable format.
  • File Complaints: File a complaint with the Nigeria Data Protection Commission (NDPC) if a breach of legislation occurs.

1.1.8 Opposition to Promotional Emails & Retention
We expressly prohibit the use of contact data published on our platforms for sending unsolicited promotional materials (spam). Anchor Telecoms reserves the right to take specific legal action in such events. Collected customer and employee data is deleted or securely shredded after completion of the order or termination of the business relationship, provided it does not conflict with statutory legal retention periods (e.g., tax laws or NCC archiving mandates).

SECTION 2: INFORMATION, COMMUNICATIONS, TECHNOLOGY & SECURITY POLICIES (ISO 27001)

2.1 Scope and Purpose

These Information, Communications, Technology, and Information Security Policies are intended to establish a culture of openness, trust, confidentiality, integrity, and availability by protecting Anchor Telecoms assets (including Cloud Service Assets, Omaasshield, Google Workspace, Zoho) and resources from intentional or unintentional damage. This applies to anyone who uses the services (“Customer”) and any permitted third party (“End Users”).

2.2 Acceptable Use (Online, Physical and Cloud)
All affected Staff shall not use, or encourage, promote, facilitate or instruct others to use Anchor Telecoms Services to:

  • Commit or encourage fraudulent or other illegal activities.
  • Infringe or misappropriate any copyright or intellectual property.
  • Access or probe any network, computer or communications system without authorization (breaches, vulnerability scans).
  • Attack, abuse, or disrupt any users, Systems or services (e.g., DoS, distribution of malware).
  • Distribute unwanted, unsolicited mass e-mail (Spam).
  • Disable, intercept, or circumvent the security of the Services.

2.3 Information Management and Handling
Staff are mindful of the security requirements of information systems at all times:

  • Assets must be used primarily for business purposes.
  • Staff must comply with the non-disclosure provisions and the Data/Privacy Management Policy.
  • Staff must only access Sensitive or Security Classified information when there is a valid business requirement.
  • Destruction of records is to occur only with prior formal approval using approved disposal authorities.

2.4 Media and Equipment (BYOD)
Staff must report all lost or stolen equipment to their immediate manager and the IT Help Desk. Staff must not download unauthorized software or connect unauthorized devices. ‘Bring Your Own Device’ (BYOD) may be connected to Anchor’s network subject to approval by the ISMS Lead after complying with:

  • Completion of device registration and OTA configuration.
  • Data classification guidelines to ensure data separation.
  • No disabling of monitoring controls (Omaasshield).

2.5 Clear Screen and Clear Desk Policy

  • Clear Screen: Staff must lock their screens when away from their devices. Systems must be set to automatically lock the screen whenever idle for 5 minutes.
  • Clear Desk: All sensitive or critical business information must be locked away when not in use. Paper and computer media must be stored in suitable locked safes or cabinets. Open office areas must not be used as file servers.

2.6 User Access & Passwords
Access is granted on a ‘need-to-know’ basis. User passwords must meet the following complexity requirements:

  • Length: Minimum 8, Maximum 16 characters.
  • Re-use: Cannot be the same as any of the previous 32 passwords.
  • Complexity: At least one capital letter, one symbol, and one number.
  • Change Frequency: At least every 90 days.
  • Account Lockout: On 5 incorrect logon attempts (requires IT reset).

2.7 Data Classification, Collection and Sharing
Data is classified into four levels:

  1. Public: Widely available (brochures, website). No special handling.
  2. Internal Use (Authorized Users): Routine operational info. Reasonable precautions.
  3. Restricted (Management Only): Vendor contracts, system configs, RF topologies. Encryption required for external transmission.
  4. Confidential (Top Management): PII, financial data, access codes. Encryption mandatory; e-mail transfer strongly discouraged.

2.8 Internet and E-mail Communication
Anchor Telecoms approves the use of Google Workspace as official messaging.

  • Messages remain the property of Anchor Telecoms.
  • Users must not forward spam, use profanity, or transmit discriminatory material.
  • Social Media: Staff must make it clear that personal views are their own, and not disclose Sensitive information obtained through work.

2.9 Incident Reporting & Monitoring
Staff must report information security incidents (suspected breaches, lost media, malware) to the ISMS team immediately. Employee use of systems constitutes consent to automated broad sweep monitoring (via Omaasshield) and targeted logging to guard against unauthorized activities.

SECTION 3: INFORMATION SECURITY MANAGEMENT FRAMEWORK

3.1 Roles and Responsibilities

  • Head of Internal Audit: Provide ISMS program oversight, recommend policies, lead ISMS development, and monitor KPIs.
  • Asset Owners (HODs): Accountable for protecting information within their systems, defining security classifications, and authorizing access.
  • All Users: Comply with policies, notify IT of security issues, and safeguard passwords/tokens.

3.2 Separation of Duties & Project Security
To reduce the risk of system misuse, separation of duties is implemented. The audit of controls remains independent from implementation. Security requirements must be addressed during the entire lifecycle of any project (e.g., new Fiber implementation software).

3.3 Anti-Malware Policy
All Anchor Telecoms production and non-production systems must have anti-virus protection software installed (Omaasshield/Kaspersky).

  • Users must not disable or tamper with antivirus configurations.
  • Signature files are updated automatically.
  • Downloading software from external sources is prohibited unless authorized by IT.

SECTION 4: HEALTH, SAFETY, AND ENVIRONMENT (ISO 45001 & 14001)

4.1 Safety & Personal Protective Equipment (PPE) Policy
Anchor Telecoms is committed to achieving Zero Fatalities and Zero Lost Time Injuries (LTIs).

  • Mandatory PPE: No personnel shall enter an active site (Greenfield, Tower, or Highway trenching) without the required CE/ANSI certified PPE (Hard hats, steel-toed boots, high-visibility vests).
  • Work at Height (WAH): A strict 100% Tie-Off Policy is enforced. Full-body rescue harnesses with double lanyards are mandatory. “No Cert, No Climb.”
  • Permit to Work (PTW) & LOTO: High-risk activities (RF zones, confined spaces, electrical integration) strictly require an authorized PTW and adherence to Lockout/Tagout (LOTO) isolation procedures.
  • Stop Work Authority: Every employee and subcontractor has the absolute right and obligation to halt work if unsafe conditions are observed.

4.2 Alcohol and Substance Abuse Policy
Anchor Telecoms operates a Zero Tolerance policy regarding the use, possession, distribution, or being under the influence of alcohol, illegal drugs, or unprescribed controlled substances while on company premises, operating company vehicles, or working on client sites.

  • Testing: The Company reserves the right to conduct pre-employment, post-incident, and unannounced random drug/alcohol testing, especially for safety-critical roles (Tower Riggers, Drivers, and Heavy Equipment Operators).
  • Violation: Violation of this policy constitutes gross misconduct and will result in immediate removal from the site and disciplinary action up to termination.

SECTION 5: CORPORATE CONDUCT & HUMAN RESOURCES

5.1 Anti-Discrimination & Equal Opportunity Policy
Anchor Telecoms is committed to providing a work environment free of harassment and discrimination. We ensure equal employment opportunity regardless of race, color, religion, gender, sexual orientation, national origin, age, disability, or marital status.

  • Industry Context: The telecommunications sector thrives on diverse talent. While global statistics show women comprise approximately 32% of the tech and telecom workforce, Anchor Telecoms actively strives to exceed industry averages by promoting merit-based hiring and inclusive leadership training.
  • Reporting: Any employee who believes they have been subject to discrimination should report it immediately to HR. All reports are investigated confidentially, and retaliation against complainants is strictly prohibited.

SECTION 6: VENDOR & SUPPLY CHAIN MANAGEMENT (ISO 9001/45001/27001)

6.1 Vendor Management & Pre-Qualification Policy
To ensure the integrity of our services, Anchor Telecoms rigorously manages its supply chain (Civil contractors, Fiber suppliers, Logistics partners).

  • HSE & InfoSec Pre-Qualification: 100% of subcontractors must complete an HSE/InfoSec evaluation questionnaire and pass vetting before contract award.
  • NDAs: All vendors handling proprietary network data or accessing Anchor IT infrastructure must sign a Non-Disclosure Agreement.
  • Performance Evaluation: Vendors are subjected to an Annual Supplier Performance Evaluation Scorecard. Vendors must maintain a minimum score of 80/100 to remain on the Approved Vendor List (AVL).
  • Safety Enforcement: Contracts mandate a “No PPE, No Entry” clause. Anchor Telecoms reserves the right to dismiss any vendor staff from a site for violating QHSE rules.

Approval & Acknowledgment

This Policy Manual is approved by Top Management. All staff, contractors, and third parties are required to read, understand, and formally acknowledge compliance with these policies upon engagement.