Security Policy
Girmairi employs strict security standards and measures throughout the entire organization. Every team member is trained and kept up to date on the latest security protocols. We regularly undergo testing, training, and auditing of our practices and policies.
- Purpose
This Information Security Policy outlines the principles and guidelines to ensure the confidentiality, integrity, and availability of Girmairi's information assets. It establishes a framework for the protection of sensitive information and compliance with legal and regulatory requirements. - Scope
This policy applies to all employees, contractors, third-party service providers, and any individual granted access to Girmairi's information systems. - Information Classification
Information is classified into categories based on sensitivity and criticality. Employees must adhere to the designated classification and handle information accordingly. - Access Control
Access to information systems and data is granted based on job responsibilities. Access rights are reviewed regularly to ensure appropriateness.
- Public Information: Information that can be freely shared with the public.
- Internal Use: Sensitive information for internal use only.
- Confidential: Highly sensitive information requiring strict access controls. - Data Encryption
Sensitive data, both in transit and at rest, must be encrypted to protect against unauthorized access. - Acceptable Use
Employees are expected to use Girmairi's information systems responsibly. Activities such as unauthorized access, data theft, or any action that compromises system integrity is strictly prohibited. - Password Management
Strong passwords are mandatory for all accounts. Passwords must be changed regularly, and the sharing of passwords is strictly forbidden. - Incident Response
All security incidents must be reported promptly to the IT department. An incident response plan is in place to manage and mitigate the impact of security incidents. - Remote Access
Remote access to Girmairi's network is permitted through secure connections only. Employees must adhere to secure remote access guidelines. - Physical Security
Physical access to information systems is restricted to authorized personnel. Visitors must be escorted at all times. - Data Backups
Regular backups of critical data are performed to ensure data recovery in case of system failures or data loss. - Training and Awareness
Employees will receive regular training on information security best practices. Awareness programs will be conducted to keep employees informed about emerging threats and security protocols. - Policy Review
This policy will be reviewed annually and updated as needed to address emerging threats, changes in technology, and business requirements. - Policy Enforcement
Failure to comply with this policy may result in disciplinary action, including termination of employment and legal action.
