InfraGuard cyber security and data protection policy.
Cyber Security policy brief & purpose
InfraGuard’s cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure.
We have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks. We have outlined both provisions in this policy.
This policy applies to all our employees, contractors, volunteers and anyone who has permanent or temporary access to our systems and hardware.
Confidential data is secret and valuable. Common examples are:
All employees are obliged to protect this data. In this policy, we will give our employees instructions on how to avoid security breaches.
Protect personal and company devices
When employees use their digital services to access company emails or accounts, they introduce security risk to our data. We advise our employees to keep both their personal and company-issued computer, tablet and cell phone secure. They do this by:
We also advise our employees to avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
When new hires receive company-issued equipment they will receive instructions for:
They will follow instructions to protect their devices and refer to our Security Specialists/ Network Engineers if they have any questions.
Keep emails safe
Emails often host scams and malicious software (e.g. worms.) To avoid virus infection or data theft, we instruct employees to:
If an employee isn’t sure that an email they received is safe, they can refer to our IT Specialist. Manage passwords properly
Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, we advise our employees to:
Remembering a large number of passwords can be daunting. We will purchase the services of a password management tool which generates and stores passwords. Employees are obliged to create a secure password for the tool itself, following the above mentioned advice.
Transfer data securely
Transferring data introduces security risk. Employees must:
Our IT Specialists/ Network Engineers need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our IT Specialists/ Network Engineers must investigate promptly, resolve the issue and send a companywide alert when necessary.
Our Security Specialists are responsible for advising employees on how to detect scam emails. We encourage our employees to reach out to them with any questions or concerns. Additional measures
To reduce the likelihood of security breaches, we also instruct our employees to:
We also expect our employees to comply with our social media and internet uses policy. Our Security Specialists/ Network Administrators should:
Our company will have all physical and digital shields to protect information. Remote employees
Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private network is secure. We encourage them to seek advice from our Security Specialists/ IT Administrators. Disciplinary Action
We expect all our employees to always follow this policy and those who cause security breaches may face disciplinary action:
We will examine each incident on a case-by-case basis.
Additionally, employees who are observed to disregard our security instructions will face progessive discipline even if their behavior hasn’t resulted in a security breach.
Take security seriously
Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. The only way to gain their trust is to proactively protect our systems and databases. We can all contribute to this by being vigilant and keeping cyber security top of mind.Company data protection policy
Data Protection Policy brief & purpose
InfraGuard's Company Data Protection Policy refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.
Who is covered under the Data Protection Policy?
Employees of our company and its subsidiaries must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
InfraGuard, in the course of its operations, stores meta-data related to customer environments such as user names, patch install histories, pending patches, command logs and similar. Our company collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available to us, the following rules apply.
Our data will be:
Our data will not be:
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically we must:
To exercise data protection we're committed to:
Our data protection provisions will appear on our website.
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.