Security Policy
Purpose
Jivrus Technologies is committed to protecting the confidentiality, integrity, and availability of its information assets and ensuring the safety and privacy of its customers' data. As a cloud software company, Jivrus Technologies recognizes the importance of information security in delivering secure and reliable services. The purpose of this security policy is to establish the framework for information security within Jivrus Technologies.
Audience
This policy applies to all Jivrus Technologies employees, contractors, consultants, vendors, and any third-party entities that have access to Jivrus Technologies' information systems and data.
Policy
Access Control
Access to Jivrus Technologies' information systems and data will be restricted to authorized personnel only. Access control mechanisms, such as passwords, oauth2 authentication, multi-factor authentication, and role-based access control, will be used to ensure that access to information systems and data is limited to authorized personnel only. The access control process will include:
a. All users will have unique usernames and strong passwords.
b. Passwords will be stored securely in an encrypted format.
c. User access will be reviewed periodically to ensure that access is appropriate and necessary.
d. Multi-factor authentication will be implemented for all administrative access.
e. User access logs will be maintained for auditing and compliance purposes.
System and Application Development
Jivrus Technologies will ensure that all systems and applications are developed and maintained using secure development practices. This includes but is not limited to, using secure coding practices, conducting security reviews, and testing for security vulnerabilities.
Data Protection
Jivrus Technologies will ensure that all customer data is protected using appropriate security controls. This includes but is not limited to, encryption of confidential data in transit and at rest, access controls, and regular backups.
a. All sensitive and confidential data will be stored in an encrypted format.
b. All backups of sensitive and confidential data will be encrypted.
c. Sensitive and confidential data will be protected against unauthorized access, modification, or destruction.
d. All access to sensitive and confidential data will be logged and audited.
Incident Management
Jivrus Technologies will establish and maintain an incident management process to respond to security incidents promptly. The incident management process will include:
a. Identifying the scope and nature of the incident
b. Appropriate action will be taken to mitigate any potential impact of the incident.
c. Notifying relevant parties, and documenting the incident for future reference.
d. Lessons learned from security incidents will be used to improve security policies, procedures, and controls.
Business Continuity and Disaster Recovery
Jivrus Technologies will establish and maintain a business continuity and disaster recovery plan to ensure that services can be restored in the event of a disruption. The plan will include regular backups, disaster recovery testing, and alternative service delivery options.
Physical Security
Jivrus Technologies will ensure that all physical access to its facilities is controlled and monitored. This includes but is not limited to, restricting access to sensitive areas, monitoring entry and exit points, and ensuring that all equipment is secured.
Third-Party Security
Jivrus Technologies will ensure that all third-party entities that have access to its information systems and data comply with this security policy. Third-party entities will be required to sign a confidentiality and non-disclosure agreement and will be subject to regular security assessments.
Enforcement
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of the contract(s), and related civil or criminal penalties.
Changes to this Policy
Jivrus Technologies may update this policy from time to time to reflect changes in our business practices or legal requirements.
Conclusion
Jivrus Technologies takes security seriously. We are committed to ensuring the security and confidentiality of your data and complying with data protection regulations.
Contact Us
If you have any questions or concerns about this Security Policy, please contact us.