Information Security Policy
Last updated on Thursday, December 27, 2018.
This document is meant to provide a framework for managing the security of the business information relevant to the platform. It describes measures employed to protect the confidentiality, integrity and availability of business information stored, processed or transmitted by any hardware or software (collectively known as "Information Systems") on the platform.
This document applies to the following:
- All computing and networking hardware used to host and operate the platform (collectively known as "platform hardware").
- All software used to run and operate the platform (collectively known as "platform software").
- Any computing and networking hardware or software attached to the platform hardware.
- All personnel involved in managing and maintaining the platform hardware or software.
This multi-purpose Cloud computing software on which this application is running.
» Platform Operator
Any individual or group of individuals using the platform to carry out business activities.
» Business Information
Any data owned by a user.
» Information System
Any electronic system (platform hardware or software) capable of storing, processing or transmitting information.
» Information Security Manager
A person designated by the platform operator as being responsible for the management, assurance and governance of all aspects related to the security of the information systems used to operate the platform. The Information Security Manager (or ISM in short) is also the owner for this document, ensuring that it is always kept up to date.
» System Administrator
A person designated by the platform operator as being responsible for regular operations, maintenance and upkeep of the information systems.
D. Platform Operator Responsibilities
We, the platform operator are committed to the following:
- Protecting access to all business information stored on the information systems or while it is being processed or transmitted from unauthorized access, including from system administrators having direct access to the information systems.
- Putting appropriate measures in place to prevent unauthorized access to business information stored on the information systems by parties other than those designated by us.
- Complying with all prevailing laws relating to information security in the regions we operate.
- That we will not sell, share or otherwise distribute in any form the business information of the users without their prior written consent, other than to comply with statutory requirements and requests for law-enforcement agencies.
- Training all system administrators on prevailing security best practices and statutory requirements.
E. User Responsibilities
Users agree to the following:
- By using any of the features or functions offered by the platform, users agree to abide by all prevailing terms and conditions under which the features and functions being used are being offered.
- That any action performed on the platform will be legally binding on the users and on the legal entity they represent (if any).
- That they will not disclose or share any information obtained on the platform as part of their day-to-day work to any unauthorized personnel or business entities.
- That they will not share confidential information such as passwords with other users.
This document is reviewed periodically in the first week of January, April, July and October of every Gregorian calendar year.
Any updates required to the policy are incorporated at the time of the reviews.
Any changes to this document must be approved by the ISM in order for them to become effective.
H. Additional Information
I. Contact Information
In case of any questions or feedback related to this document, please reach out to the Information Security Manager directly at firstname.lastname@example.org.
J. Change Log
- December 27, 2018: Added numbers to the document sections to make it easier to refer to them within the document, or from other documents.
- June 11, 2018: Document visibility changed from signed-in users only to all users so that it can be viewed by all users.
- January 25, 2016: Initial version of the document published.