INFORMATION SECURITY AND PRIVACY MANAGEMENT SYSTEM ABRIDGED POLICY

Purpose

This policy outlines our commitment to protecting the confidentiality, integrity, and availability of all information collected and processed by our organization. It serves to establish guidelines and procedures for ensuring the security and privacy of data in accordance with applicable laws and regulations.

Scope

This policy applies to all employees, contractors, and third parties who have access to or handle information on behalf of our organization. It encompasses all forms of information, including but not limited to personal data, financial information, intellectual property, and business records, regardless of the format or storage medium.

Responsibilities

• Management: Senior management is responsible for establishing and maintaining an effective information security program, providing necessary resources, and ensuring compliance with this policy.

• Employees: All employees are required to adhere to this policy, participate in information security training, and report any security incidents or concerns promptly.

Our Policy Statement

1. Confidentiality: Seamfix recognizes the importance of keeping sensitive information confidential. This includes protecting customer data, proprietary business information, and any other confidential material from unauthorized access, disclosure, or use. Measures such as access controls, encryption, and non-disclosure agreements are implemented to maintain confidentiality.
2. Integrity: Seamfix ensures the integrity of its information assets by implementing controls to prevent unauthorized alteration, deletion, or destruction of data. This includes measures such as data validation, checksums, and version control to ensure that information remains accurate and reliable.
3. Availability: Seamfix strives to ensure that information is available to authorized users when needed. This involves implementing measures such as redundant systems, backups, and disaster recovery plans to minimize downtime and ensure continuity of operations in the event of disruptions or incidents.
4. Regulatory and Legislative Obligations: Seamfix complies with all relevant laws, regulations, and industry standards pertaining to information security and privacy. This includes but is not limited to NDPA, GDPR, and other regulatory requirements specific to the industries in which Seamfix operates.
5. Business Continuity Plans: Seamfix develops and maintains business continuity plans to ensure that critical business functions can continue uninterrupted in the event of disasters, emergencies, or other disruptions. These plans include procedures for data backup and recovery, alternative communication channels, and employee training.
6. Information Security & Privacy Training: Seamfix provides regular training and awareness programs to educate employees about information security and privacy best practices, policies, and procedures. This helps ensure that employees understand their roles and responsibilities in protecting information assets and responding to security incidents.
7. Reporting and Investigation of Breaches: Seamfix has established procedures for reporting and investigating all breaches of information security & privay, whether actual or suspected. This includes documenting incidents, conducting root cause analysis, and implementing corrective actions to prevent recurrence.
8. Continual Improvement of IMS: Seamfix is committed to continually improving its Integrated Management System (IMS), which includes the Information Security Management System (ISMS) and Privacy Impact Management System (PIMS). This involves regularly reviewing policies, procedures, and controls to identify areas for enhancement and implementing changes to strengthen information security and privacy practices.

By adhering to these principles and implementing appropriate controls and measures, Seamfix demonstrates its commitment to protecting information assets, maintaining compliance with relevant regulations, and ensuring the ongoing security and privacy of its customers’ data.