INFORMATION SECURITY POLICY & PROCEDURES

1. Policy Statement

Marc & Zed is committed to maintaining the highest standards of information security to protect the confidentiality, integrity, and availability of our information assets. This policy establishes the framework for the Information Security Program within the organization.

2. Scope

This policy applies to all employees, contractors, third-party vendors, and any individuals with access to Marc & Zed's information assets.

3. Information Classification

All information assets must be classified based on sensitivity and criticality. Classifications include:

• Public

• Internal Use Only

• Confidential

• Highly Confidential

4. Access Control

• Access to information systems and data will be granted based on the principle of least privilege.

• User access rights will be reviewed regularly and adjusted as needed.

• Access to sensitive information requires proper authorization.

5. Data Protection

• Personal and sensitive data will be collected, processed, and stored in compliance with relevant data protection laws and regulations.

• Encryption will be used for sensitive data during transmission and storage.

6. Security Awareness and Training

• All employees will receive regular training on information security best practices.

• Training will cover topics such as phishing awareness, password security, and the proper handling of sensitive information.

7. Incident Response

• An incident response plan will be maintained to address and manage security incidents promptly.

• All security incidents will be reported to the designated security officer.

8. Physical Security

• Physical access to data centers, server rooms, and other critical infrastructure will be restricted and monitored.

• Equipment containing sensitive information will be secured against theft or unauthorized access.

9. Network Security

• Firewalls, intrusion detection systems, and antivirus software will be implemented to protect the network infrastructure.

• Wireless networks will be secured using strong encryption and access controls.

10. Remote Access

• Remote access to the company's network and systems will be granted based on business needs and secured using encryption.

11. Vendor Management

• Third-party vendors with access to Marc & Zed's information assets will be evaluated for their security practices.

• Contracts with vendors will include information security requirements.

12. Compliance

• Marc & Zed will comply with all relevant laws, regulations, and industry standards pertaining to information security.

13. Monitoring and Auditing

• Regular monitoring and auditing of information systems will be conducted to detect and respond to security events.

14. Review and Update

• This policy will be reviewed and updated periodically to ensure its effectiveness and relevance.

15. Enforcement

• Non-compliance with this policy may result in disciplinary action, up to and including termination of employment.