| Page Properties | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Subscribe to an RSS feed to be notified when we update Information Security Policy (note: you will need to cut and paste the "Subscribe to an RSS feed" URL into an RSS Feed Reader to monitor updates).
Overview
This Information Security Policy is intended to protect ecoPortal’s employees, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
...
Personnel is responsible for reading and complying with all policies relevant to their roles and responsibilities.
Role | Purpose |
To limit access to information and information processing systems, networks, and facilities to authorized parties in accordance with business objectives. | |
To identify organizational assets and define appropriate protection responsibilities. | |
To prepare ecoPortal in the event of extended service outages caused by factors beyond our control (e.g., natural disasters, man-made events), and to restore services to the widest extent possible in a minimum time frame. | |
To ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information. | |
To ensure that information is classified and protected in accordance with its importance to the organization. | |
To ensure that employees and contractors meet security requirements, understand their responsibilities, and are suitable for their roles. | |
Policy and procedures for suspected or confirmed information security incidents. | |
To ensure the correct and secure operation of information processing systems and facilities. | |
To prevent unauthorized physical access or damage to the organization’s information and information processing facilities. | |
To define the process for assessing and managing ecoPortal’s information security risks in order to achieve the company’s business and information security objectives. | |
To ensure that information security is designed and implemented within the development lifecycle for applications and information systems. | |
To ensure protection of the organization's data and assets that are shared with, accessible to, or managed by suppliers, including external parties or third-party organizations such as service providers, vendors, and customers, and to maintain an agreed level of information security and service delivery in line with supplier agreements. |
Policy Compliance
ecoPortal will measure and verify compliance with this policy through various methods, including but not limited to ongoing monitoring and both internal and external audits.
...