# General Bots Security Policy

## Overview

Request your free IT security evaluation
• Reduce the risk of IT problems
• Plan for problems and deal with them when they happen
• Keep working if something does go wrong
• Protect company, client and employee data
• Keep valuable company information, such as plans and designs, secret
• Meet our legal obligations under the General Data Protection Regulation and other laws
• Meet our professional obligations towards our clients and customers

This IT security policy helps us:

• Rodrigo Rodriguez is the director with overall responsibility for IT security strategy.
• Microsoft is the IT partner organisation we use to help with our planning and support.
• Microsoft is the data protection officer to advise on data protection laws and best practices.

Review process

We will review this policy yearly. In the meantime, if you have any questions, suggestions or feedback, please contact security@pragmatismo.com.br

We will only classify information which is necessary for the completion of our duties. We will also limit access to personal data to only those that need it for processing. We classify information into different categories so that we can ensure that it is protected properly and that we allocate security resources appropriately:

• Unclassified. This is information that can be made public without any implications for the company, such as information that is already in the public domain.
• Employee confidential. This includes information such as medical records, pay and so on.
• Company confidential. Such as contracts, source code, business plans, passwords for critical IT systems, client contact records, accounts etc.
• Client confidential. This includes personally identifiable information such as name or address, passwords to client systems, client business plans, new product information, market sensitive information etc.

Employees joining and leaving

We will provide training to new staff and support for existing staff to implement this policy. This includes:

• An initial introduction to IT security, covering the risks, basic security measures, company policies and where to get help
• Each employee will complete the National Archives ‘Responsible for Information’ training course (approximately 75 minutes)
• Training on how to use company systems and security software properly
• On request, a security health check on their computer, tablet or phone

When people leave a project or leave the company, we will promptly revoke their access privileges to

The company will ensure the data protection officer is given all appropriate resources to carry out their tasks and maintain their expert knowledge.
The Data Protection Officer reports directly to the highest level of management and must not carry out any other tasks that could result in a conflict of interest.

## Reporting a Vulnerability

You can expect to get an update on a reported vulnerability in a day or two.

security@pragmatismo.com.br