logo Kiroyan Partners

Kiroyan Partners recognizes that cybersecurity is fundamental to safeguarding sensitive information, maintaining client trust, and ensuring the integrity of our advisory work.

We are committed to maintaining secure digital practices across all systems, platforms, and interactions, supported by a risk-based approach aligned with international standards.

Scope and Application

This Policy applies to all individuals and parties who access or use the firm’s digital systems and information assets, including:

  • Employees and management.
  • Interns and project-based personnel.
  • Technical experts and advisors.
  • Third-party partners and consultants.

It covers all devices, systems, platforms, and applications used in connection with the firm’s operations.

Core Cybersecurity Principles

Our approach to cybersecurity is guided by the following principles:

  • Risk-based protection — Security measures are proportionate to the sensitivity of data and operational risk.
  • Access control — Information is accessible only to authorized individuals on a need-to-know basis.
  • Security by design — Digital tools and workflows are selected and configured with security considerations from the outset.
  • Shared responsibility — All users are responsible for maintaining secure practices.
  • Continuous vigilance — Risks are actively monitored and managed.

Acceptable Use of Systems and Digital Tools

All users are expected to use company systems and digital platforms responsibly and in accordance with this Policy.

Permitted Use

    • Accessing systems and data strictly for legitimate business purposes.
    • Using approved platforms and tools for collaboration and communication.
    • Leveraging digital tools, including AI, for productivity—provided no sensitive or confidential information is exposed.

Prohibited Use

    • Uploading or processing confidential or client-related data on unapproved or public platforms.
    • Sharing access credentials or bypassing security controls.
    • Using unauthorized applications or tools that may expose company or client data.
    • Engaging in activities that may compromise system integrity or security.

Use of Public Platforms and Artificial Intelligence

We recognize the growing role of cloud-based platforms and AI tools in professional work.

To mitigate risk:

  • Public or open-access platforms may only be used for non-sensitive and non-confidential information.
  • Confidential, client-related, or proprietary data must not be uploaded, processed, or stored on public platforms or AI tools.
  • Use of digital tools must comply with confidentiality obligations and internal data protection standards.

Protection of Devices, Accounts, and Data

We implement safeguards to protect digital assets, including:

  • Secure authentication practices and access controls.
  • Protection of devices through password controls and system updates.
  • Secure storage and transfer of data through approved systems.
  • Restricted access for third parties, subject to confidentiality obligations.

Users are expected to maintain basic cyber hygiene, including safeguarding credentials and exercising caution when handling digital communications.

Third-Party Access and Digital Collaboration

Access to systems and data by third parties is:

  • Granted only where necessary and authorized.
  • Restricted to defined scopes of work.
  • Subject to confidentiality and security obligations.
  • Revoked promptly upon completion of engagement.

Incident Awareness and Response

We maintain a structured approach to identifying and responding to cybersecurity incidents.

Users are expected to:

  • Remain alert to potential threats, including phishing or suspicious activity.
  • Report incidents or vulnerabilities promptly.

The firm will:

  • Assess and contain potential risks.
  • Implement corrective measures.
  • Strengthen controls to prevent recurrence.

Training and Awareness

We reinforce cybersecurity through:

  • Regular awareness and training initiatives.
  • Practical guidance on secure digital behavior.
  • Continuous reinforcement of responsible technology use.

Alignment with Standards and Policies

Our cybersecurity practices are informed by recognized frameworks and aligned with:

  • Data Protection & Confidentiality Policy
  • Privacy Policy
  • Code of Conduct

Further Information

This page provides a high-level overview of our cybersecurity and acceptable use practices. Detailed operational procedures, technical guidelines, and controls are implemented internally.

For inquiries, please contact:
info@kiroyan-partners.com

Last updated: March 2026.

let's work together

Tell us about your project brief or just contact us