This Information Security Policy outlines the measures taken by DataBillity to protect the information assets of our customers and maintain the confidentiality, integrity, and availability of customer data. This policy is applicable to all employees, contractors, and third-party vendors who have access to customer data or information systems.
Access to customer data and information systems will be granted on a need-to-know basis. Access rights will be granted based on job roles and responsibilities, and access to sensitive information will be restricted
1.1. User Access Management
User access will be managed through the use of secure passwords and multi-factor authentication. User accounts will be disabled or removed when no longer required, and password policies will be enforced to ensure strong passwords.
1.2. Third-Party Access Management
Third-party vendors who require access to customer data will be granted access only after completing a vetting process. These vendors will be required to sign a confidentiality agreement and agree to comply with our information security policies.
The protection of customer data is of the utmost importance, and all measures will be taken to safeguard against unauthorized access, loss, or destruction of data.
2.1. Data Classification
Customer data will be classified according to its sensitivity and the level of protection required. Appropriate security measures will be implemented based on the classification of data.
2.2. Data Handling
Customer data will be handled in accordance with the relevant laws and regulations. Data will be collected, processed, stored, and transmitted securely, and measures will be taken to prevent unauthorized access, use, disclosure, or destruction of customer data.
An incident management process will be implemented to ensure that any security incidents are detected, reported, and handled promptly. All employees and third-party vendors will be trained on incident management procedures.
DataBillity is committed to complying with all relevant laws, regulations, and industry standards. We will conduct regular reviews of our information security policies and procedures to ensure that we remain compliant with all applicable regulations and standards.
All employees and third-party vendors will be provided with training and awareness programs to ensure that they understand their roles and responsibilities regarding information security. Training will be provided on an ongoing basis, and all employees and third-party vendors will be required to undergo regular security awareness training.
Regular audits and reviews will be conducted to ensure that our information security policies and procedures remain effective and that any weaknesses or vulnerabilities are identified and addressed promptly.
DataBillity is committed to maintaining the confidentiality, integrity, and availability of customer data. This Information Security Policy outlines the measures we have taken to protect customer data and our commitment to maintaining the highest standards of information security.