Purpose
This policy safeguards the creation and deployment of accounts, digital content, products, and information, including all client-related materials handled by WyzLab Solutions.
Scope
It applies to all employees, interns, contractors, vendors, and third-party partners who use or manage WyzLab Solutions’ digital platforms, products, and services.
Account Creation and Access
All new service, platform, product, or client accounts require a written request and prior approval from a designated manager or executive; shared or unofficial accounts are not allowed.
All new client accounts, portals, or access points must be coordinated with the client’s designated contact and the internal project lead to ensure correct configuration, roles, and accountability.
Credentials must follow secure storage protocols, and contacts, billing, and admin rights must use official company or client information (no personal emails) and apply least-privilege access.
Consequences: Unauthorized or unapproved account creation, use of shared or personal-email-based admin accounts, or bypassing approval flows may lead to:
immediate suspension or removal of access
written warning or formal disciplinary action
reporting to management, IT/security, and, if personal data is affected, the Data Protection Officer for possible notification to the National Privacy Commission.
Software and Product Deployment
No software, application, module, or digital product may be deployed internally or for a client without written sign-off from the project owner or designated approver.
A deployment checklist is mandatory and must cover at least code review, QA testing, backup, security checks, and rollback plans, with deployment logs capturing operator, date/time, environment/version, and relevant client details.
Emergency or rapid deployments require escalation to a manager or project owner, followed by documentation and a post-incident review.
Consequences: Deploying without required approvals, checklists, or logs may result in:
rollback of changes
revocation of deployment privileges
performance or disciplinary actions
potential liability and incident reporting if client operations or data are impacted.
Content Creation and Deployment
All digital content (e.g., website copy, marketing materials, e-learning modules, client deliverables, documentation, videos, designs, data sets) must have a clearly assigned owner and documented approval before client use or publication.
Both company-developed and client-provided content must undergo review by the relevant department and/or client to ensure quality, brand alignment, and regulatory compliance.
Sensitive, client-specific, or regulated content must be cleared by compliance and/or legal (or the designated data protection function) before delivery or publication, with all deployments logged (approver, date/time, platform/client destination).
Consequences: Publishing unapproved, poor-quality, or non-compliant content may result in:
mandatory takedown or correction
loss of content publishing rights
formal disciplinary measures
possible contractual penalties or claims if client agreements or laws are breached.
Digital Information and Data Management
All digital information, databases, and records (including client, business, and proprietary data) must follow the company’s data management and privacy policies and the Data Privacy Act of 2012 and its updated security circulars.
Access must be granted only to authorized personnel, based on documented approval and least-privilege principles, with regular reviews and prompt deactivation of inactive or separated-user accounts.
Sharing any digital information with clients or external parties requires a security review, appropriate safeguards (e.g., encryption, secure channels), and specific approval.
Data storage, backup, and archiving must comply with company standards, law, and, where applicable, client-specific requirements such as GDPR and NPC issuances.
Consequences: Mishandling data, bypassing access controls, or unauthorized sharing can result in:
immediate revocation of system access
internal disciplinary action up to termination
potential administrative, civil, or criminal liability under Philippine data privacy law and client contracts.
Client Involvement and Communication
Clients are entitled to review, approve, and request changes on deliverables, deployed products, and content as defined in project agreements.
All key client communications regarding project accounts, deployments, and changes must be documented in the project file or approved system for traceability.
Agreed client feedback loops and sign-off processes must be followed consistently for all client-facing development, deployment, and information-sharing activities.
Consequences: Ignoring agreed client review and approval processes may lead to:
rework at the team’s or company’s cost
formal client complaints and reputational impact
internal performance or disciplinary actions.
Enforcement, Responsibilities, and Review
Violations, incidents, or suspected breaches must be reported immediately to management and IT/security, and, where personal data is involved, to the Data Protection Officer.
Project and Content Managers oversee compliance and approvals; IT/Admin manages secure account, system, and data operations; all employees, interns and contractors must strictly follow this policy; clients participate in review and approval cycles as agreed.
This policy will be reviewed at least annually and may be amended at any time to reflect changes in business needs, technology, laws, or regulatory guidance, with material changes communicated to affected personnel.
