Data Security Policy

Introduction

This Data Security Policy outlines Stavik Global’s commitment to protecting sensitive information and maintaining the highest standards of data security. The policy serves as a guide for employees, contractors, and third-party partners to ensure the confidentiality, integrity, and availability of our data assets.

Scope

This policy applies to all data collected, processed, and stored by Stavik Global. It encompasses customer information, financial data, employee records, and any other data deemed sensitive or confidential.

Roles and Responsibilities

  • The Data Security Officer (DSO) is responsible for overseeing and enforcing data security measures.
  • IT administrators are responsible for implementing and managing technical security controls.
  • End-users are responsible for adhering to data security policies and reporting any suspicious activity promptly.

Data Classification

  • Data is classified into three categories: Public, Internal, and Confidential.
  • Access controls and encryption methods vary based on the classification of the data.

Access Controls

  • User access is based on the principle of least privilege.
  • Multi-factor authentication is mandatory for accessing sensitive systems and data.

Encryption

  • Data in transit is encrypted using industry-standard TLS protocols.
  • Data at rest is protected with AES-256 encryption.

Network Security

  • Firewalls and intrusion detection/prevention systems are in place to monitor and secure the company’s network.
  • Secure Wi-Fi protocols are enforced.

Physical Security

  • Biometric access controls and surveillance cameras are implemented in data centers and server rooms.
  • Access to physical locations housing sensitive equipment is restricted.

Incident Response

  • An incident response plan outlines procedures for reporting, investigating, and mitigating security incidents.
  • Communication protocols ensure a swift and transparent response to any data breach.