Written Information Security Policy
Effective administrative, technical and physical safeguards for the protection of personally identifiable information (PII) of customers, clients and employee.
This policy defines the steps required to revoke both physical and system access to The Company’s facilities and network resources.
Security Incident Procedures
The purpose of the policy is to develop the response to and reporting of security incidents, including the identification of and response to suspected or known security incidents.
This policy governs employee Sanctions and disciplinary actions for The Company. All employees must comply with this policy.
Network Security Policy
The purpose of the policy is to describe the physical safeguards applicable for each server, desktop computer system and wireless computer systems.
Access Control Policy
The purpose of the policy is to assure that systems containing PII and/or sensitive company data are accessed only by those persons or software programs.
Computer Use Policy
The purpose of this policy is to ensure that employees understand what functions should and should not be performed on The Company’s computers and network to maximize the security of PII and sensitive company data.
All media containing PII and sensitive company data, will be disposed of in a manner that destroys the data and does not allow unauthorized access to the data.
Bring Your Own Device Policy
The purpose of the policy is to develop the appropriate safeguards to protect PII and sensitive company data on employee personally owned devices.
Facility Security Plan
The purpose of the policy is to define the procedures that will limit physical access to PII and sensitive company data and the facility or facilities in which such systems are housed.