logo

CloseCore Information Security Policy

1. Purpose

This Information Security Policy outlines the measures and responsibilities necessary to protect the confidentiality, integrity, and availability of the information assets managed by CloseCore, Inc. ("CloseCore") from threats, whether internal or external, deliberate, or accidental.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who have access to information systems and data under the CloseCore environment.

3. Policy Statement

CloseCore is committed to:
  • Ensuring that all company data is protected against unauthorized access.
  • Ensuring the integrity of data by protecting against unauthorized modification or destruction.
  • Ensuring that the information is available to authorized users when needed.

4. Information Classification

Data must be classified into the following categories: Confidential: Access restricted to individuals on a need-to-know basis. Internal Use Only: Restricted to management-approved internal access. Public: No restriction on access.

5. Roles and Responsibilities

Information Security Officer (ISO): Develops and implements the information security policies and procedures. IT Department: Manages and secures IT infrastructure and user access controls. Employees: Comply with all information security policies and report security incidents.

6. User Access Control

Access to CloseCore and its data is restricted based on roles defined by the IT department. Users must be granted the least privilege necessary to perform job responsibilities. User access rights must be reviewed at least bi-annually or upon job role change.

7. Data Protection

Data must be encrypted during transmission and at rest using industry-standard encryption methods. Regular backups must be performed and tested to ensure data recoverability.

8. Incident Response

An incident response plan must be in place to address any security breaches or data leaks. All employees must report any suspected security incident to the IT department immediately.

9. Training and Awareness

All employees must undergo annual security training to understand policy requirements and their personal responsibilities. Security awareness campaigns will be conducted to keep security at the forefront of business operations.

10. Policy Enforcement

Violation of these policies may result in disciplinary action, including termination. The IT department will conduct periodic audits to ensure compliance with this policy.

11. Policy Review and Modification

This policy will be reviewed annually or following significant changes to the business or IT environment to ensure its continued relevance and effectiveness.

Contact Us

If you have any questions about this Information Security Policy, please contact us at: [email protected].

Last updated: June 19, 2024