1. Policy Statement
Marc & Zed is committed to maintaining the highest standards of information security to protect the confidentiality, integrity, and availability of our information assets. This policy establishes the framework for the Information Security Program within the organization.
This policy applies to all employees, contractors, third-party vendors, and any individuals with access to Marc & Zed's information assets.
3. Information Classification
All information assets must be classified based on sensitivity and criticality. Classifications include:
Internal Use Only
4. Access Control
Access to information systems and data will be granted based on the principle of least privilege.
User access rights will be reviewed regularly and adjusted as needed.
Access to sensitive information requires proper authorization.
5. Data Protection
Personal and sensitive data will be collected, processed, and stored in compliance with relevant data protection laws and regulations.
Encryption will be used for sensitive data during transmission and storage.
6. Security Awareness and Training
All employees will receive regular training on information security best practices.
Training will cover topics such as phishing awareness, password security, and the proper handling of sensitive information.
7. Incident Response
8. Physical Security
Physical access to data centers, server rooms, and other critical infrastructure will be restricted and monitored.
Equipment containing sensitive information will be secured against theft or unauthorized access.
9. Network Security
Firewalls, intrusion detection systems, and antivirus software will be implemented to protect the network infrastructure.
Wireless networks will be secured using strong encryption and access controls.
10. Remote Access
11. Vendor Management
13. Monitoring and Auditing
14. Review and Update