At Infodepots, we are committed to protecting the data and information of our clients, employees, and partners. This Data Security Policy outlines our framework for managing our data security risks, protecting our information assets, and ensuring we comply with applicable laws and industry standards.

Scope:

This policy applies to all employees, contractors, and third parties who have access to Infodepots’ data and information systems.

Data Classification:

Data within Infodepots is classified into the following categories:

  • Confidential: Information that would cause harm to Infodepots or its stakeholders if disclosed.
  • Internal Use Only: Information that is not for public dissemination but is not expected to cause harm if disclosed.
  • Public: Information that has been approved for public release.

Roles and Responsibilities:

  • Employees are responsible for adhering to this policy and safeguarding the data they handle.
  • The IT Department is responsible for the operational security of all IT systems and infrastructure.

Data Protection Measures:

  • Access Control: Data access is based on the principle of least privilege. Users are granted access only to the data necessary for their job functions.
  •  Encryption: Data in transit and at rest is encrypted using industry-standard methods to prevent unauthorized access.
  • Physical Security: Physical access to Infodepots’ premises is controlled and monitored. Secure disposal methods are used for all physical records.
  • Network Security: Firewalls, intrusion detection/prevention systems, and regular security assessments are employed to protect our network.
  • Employee Training: All employees undergo regular data security training to understand their responsibilities and the importance of protecting data. 

Data Retention and Disposal:

Data shall be retained only for as long as necessary for the purposes for which it was collected or as required by law. Secure methods will be used to dispose of or delete data that is no longer needed.

Compliance and Review:

This policy will be reviewed annually or in response to significant changes in the business or regulatory environment. All employees and relevant third parties are expected to comply with this policy. Non-compliance may result in disciplinary action, up to and including termination of employment or contracts. 

For any questions or concerns about this policy or data security practices, please contact the  privacy@infodepots.com