Last Updated: 16/08/2023
1. Introduction
This Information Security Policy outlines the principles, practices, and measures that SustainaSeed (“we,” “us,” or “our”) follows to ensure the security, confidentiality, and integrity of information collected, processed, and stored within our organization.
2. Policy Statement
We safeguard information against unauthorized access, disclosure, alteration, and destruction. Our approach to information security encompasses the following:
2.1. Data Protection
We will collect, process, and store personal and sensitive information in compliance with applicable laws and regulations. Information will be retained only for the period necessary to fulfil the purposes for which it was collected.
2.2. Access Control
Access to information will be granted on a need-to-know basis, and only authorized personnel will have access to sensitive data. User access rights will be regularly reviewed and updated to align with job responsibilities.
2.3. Information Handling
We will establish procedures to ensure that information is handled, processed, and shared securely and controlled. Confidential and sensitive information will be appropriately labelled and protected.
2.4. Security Measures
Technical and organizational measures will be implemented to protect information from unauthorized access, loss, or alteration. We regularly review and update security controls to address emerging threats and vulnerabilities.
2.5. Incident Response
We will establish an incident response plan to address security breaches, data breaches, or any other unauthorized access to information promptly and effectively. All incidents will be thoroughly investigated, reported, and remediated.
2.6. Employee Training
All employees and contractors will receive appropriate training to understand their responsibilities regarding information security. They will be educated on security best practices, proper information handling, and the importance of reporting security incidents.
2.7. Third-Party Security
We will ensure that third-party vendors and partners handling our information meet our security standards. Contracts with third parties will include clauses specifying their security obligations and responsibilities.
3. Compliance and Review
We are committed to complying with relevant laws, regulations, and industry standards related to information security. We will regularly review and update our security practices to align with changes in technology and threats.
4. Contact
For inquiries or concerns related to our Information Security Policy, please contact us.