INFORMATION SECURITY POLICY & PROCEDURES
1. Policy Statement
Marc & Zed is committed to maintaining the highest standards of information security to protect the confidentiality, integrity, and availability of our information assets. This policy establishes the framework for the Information Security Program within the organization.
2. Scope
This policy applies to all employees, contractors, third-party vendors, and any individuals with access to Marc & Zed's information assets.
3. Information Classification
All information assets must be classified based on sensitivity and criticality. Classifications include:
Public
Internal Use Only
Confidential
Highly Confidential
4. Access Control
Access to information systems and data will be granted based on the principle of least privilege.
User access rights will be reviewed regularly and adjusted as needed.
Access to sensitive information requires proper authorization.
5. Data Protection
Personal and sensitive data will be collected, processed, and stored in compliance with relevant data protection laws and regulations.
Encryption will be used for sensitive data during transmission and storage.
6. Security Awareness and Training
All employees will receive regular training on information security best practices.
Training will cover topics such as phishing awareness, password security, and the proper handling of sensitive information.
7. Incident Response
An incident response plan will be maintained to address and manage security incidents promptly.
All security incidents will be reported to the designated security officer.
8. Physical Security
Physical access to data centers, server rooms, and other critical infrastructure will be restricted and monitored.
Equipment containing sensitive information will be secured against theft or unauthorized access.
9. Network Security
Firewalls, intrusion detection systems, and antivirus software will be implemented to protect the network infrastructure.
Wireless networks will be secured using strong encryption and access controls.
10. Remote Access
Remote access to the company's network and systems will be granted based on business needs and secured using encryption.
11. Vendor Management
Third-party vendors with access to Marc & Zed's information assets will be evaluated for their security practices.
Contracts with vendors will include information security requirements.
12. Compliance
Marc & Zed will comply with all relevant laws, regulations, and industry standards pertaining to information security.
13. Monitoring and Auditing
Regular monitoring and auditing of information systems will be conducted to detect and respond to security events.
14. Review and Update
This policy will be reviewed and updated periodically to ensure its effectiveness and relevance.
15. Enforcement
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.