|Subject:||INFORMATION SECURITY POLICY||PO-02|
Information Security Policy
- It is the policy of Solutions Connected that information in all its forms: written, spoken, recorded electronically or printed, will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information. Moreover, special commitment will be given to the software development unit and its core processes.
- All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance. All activities identified by the policies and procedures must also be documented.All the documentation, which may be in electronic form, must be retained for at least 6 (six) years after initial creation, or, pertaining to policies and procedures, after changes are made. All documentation must be periodically reviewed for appropriateness and currency, a period of time to be determined by each entity within Solutions Connected.
- At each entity and/or department level, additional policies, standards and procedures will be developed detailing the implementation of this policy and set of standards and addressing any additional information systems functionality in such an entity and/or department. All departmental policies must be consistent with this policy. All systems implemented after the effective date of these policies are expected to comply with the provisions of this policy where possible. Existing systems are expected to be brought into compliance where possible and as soon as practical.
- The scope of information security includes the protection of the confidentiality, integrity and availability of information.
- The framework for managing information security in this policy applies to all Solutions Connected units and workers, other Involved Persons and all Involved Systems throughout Solutions Connected.
- This policy and all standards apply to all protected information and other classes of protected information in any form as defined in INS-02 & INS-03 Information classification matrix.