1. Purpose The purpose of this Information Security Policy is to outline HarvestROI's commitment to safeguarding sensitive information, including but not limited to client data, proprietary information, and personal data, in our role as a HubSpot Solutions Partner. This policy serves as a framework to ensure the confidentiality, integrity, and availability of this information.
2. Scope This policy applies to all employees, contractors, vendors, and third parties who have access to HarvestROI's information assets, systems, or networks.
3. Information Classification All information in our possession shall be classified based on its sensitivity:
- Confidential: Highly sensitive information that requires the utmost protection.
- Internal Use: Sensitive information for internal business purposes.
- Public: Information intended for public consumption.
4. Access Control
- Access to confidential and internal use information shall be restricted based on a need-to-know basis.
- Users shall be provided with unique login credentials and password changes will be enforced regularly.
- Strong authentication measures, such as multi-factor authentication, will be implemented where appropriate.
- Access to client data in HubSpot will be limited to authorized personnel only.
5. Data Protection
- Data encryption will be applied to sensitive information during transmission and storage.
- Regular data backups will be conducted and tested to ensure data recoverability.
- Data retention policies will be established and enforced in compliance with legal requirements.
6. Information Handling
- Confidential information shall not be shared with external parties without proper authorization.
- The use of personal devices for handling sensitive information is discouraged, but if necessary, it must comply with the organization's BYOD policy.
- Secure disposal of sensitive information will be ensured through shredding or secure deletion methods.
7. Security Awareness
- All employees will receive information security training upon joining the organization and annually thereafter.
- Regular security reminders, updates, and awareness campaigns will be conducted.
- Employees will be encouraged to report security incidents promptly.
8. Incident Response
- An incident response plan will be in place to address and mitigate security incidents.
- All security incidents, breaches, or suspected breaches will be reported, investigated, and documented.
- Notification procedures will be followed in the event of a data breach, as required by law.
- HarvestROI will comply with all applicable laws and regulations related to information security and data protection.
- Regular audits and assessments of our security controls will be conducted to ensure compliance.
10. Review and Update This policy will be reviewed annually and updated as necessary to adapt to evolving threats and technologies.
11. Reporting Violations Any violations of this policy or suspected security breaches should be reported immediately to the designated Information Security Officer.
12. Enforcement Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.
By adhering to this Information Security Policy, HarvestROI aims to protect sensitive information, maintain client trust, and uphold the highest standards of information security. All employees and stakeholders are responsible for supporting and enforcing this policy.