This policy establishes the official cybersecurity and account management framework for MAKcubes™, including its affiliated platforms CardMe™, Ark ERP™, and Rayhan CMS™. It ensures the protection of company systems, user data, and digital assets in compliance with the National Cybersecurity Authority (NCA) standards of Saudi Arabia.

This policy applies to:

1. All permanent and temporary employees of MAKcubes and Fursatee.
2. Contractors, technical partners, and authorized collaborators.
3. Any user granted access to company systems, servers, or accounts.
4. All departments managing infrastructure, emails, and user data.

1. Access is granted only through officially approved credentials.
2. Only corporate emails (e.g., name@makcubes.com/  name@thecardme.com) may be used for system access.
3. Personal emails are strictly prohibited for any business or technical use.
4. Access permissions are reviewed every 30 days to ensure validity.
5. Upon employee departure or contract termination:
   • All access rights are revoked immediately.
   • All company devices, data, and credentials must be returned.
   • The security department is formally notified of the termination.

1. Passwords must be at least 12 characters long and include uppercase, lowercase, numbers, and symbols.
2. Weak or reused passwords are prohibited.
3. Two-Factor Authentication (2FA) is mandatory for all sensitive systems (Email, Server, Dashboard).
4. Passwords must be updated every 90 days or immediately upon any security suspicion.

1. Servers are managed solely by designated technical administrators.
2. Secure protocols (SSH with private key) must be used for all access.
3. Installing unapproved software or downloading unknown files is forbidden.
4. Daily backups must be maintained and stored securely in an isolated environment.
5. All sensitive databases must be encrypted using AES-256 or equivalent protocols.

1. All official communications must be conducted via corporate email only.
2. Personal or external forwarding of company emails is prohibited.
3. Automatic forwarding to non-company domains is strictly forbidden.
4. Upon employee departure, email access is blocked and forwarding is temporarily redirected to a supervisor.
5. Email accounts are audited monthly for anomalies or unauthorized activity.

1. Company networks and devices are to be used for business purposes only.
2. Installation of unlicensed software or accessing unsafe websites is prohibited.
3. Firewalls and continuous monitoring are mandatory across all networks.
4. In case of suspicious activity, the affected network segment shall be isolated until investigation is complete.

1. All employees must report security incidents or breaches immediately to the Cybersecurity Team.
2. Each incident is logged, analyzed, and documented with corrective actions.
3. Regular reports on security posture and risk assessments are submitted to executive management.

1. Any violation of this policy constitutes a serious offense and may lead to termination and legal action.
2. Disciplinary measures follow company regulations and Saudi labor laws.

1. This policy shall be reviewed every six (6) months or upon regulatory or technical updates.
2. The approved version is published internally and on the company systems portal.

This policy is governed by:

1. The National Cybersecurity Authority (NCA) standards.
2. The Saudi Authority for Intellectual Property (SAIP) regulations.
3. Saudi laws on data protection and electronic systems usage.

© MAKcubes™ – All Rights Reserved.