INFORMATION SECURITY PROCEDURE

I. Introduction:

This document outlines the policies, procedures, and responsibilities within Digital Forest for ensuring the security of software systems and information within the organization. The purpose of these procedures is to protect sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.

II. Policies:
A. Access Control: Access to software systems and information is granted only to those individuals who require it to perform their job duties. Access is based on the principle of least privilege, which means that individuals are given only the minimum access necessary to perform their job responsibilities.

B. Data Classification: All information stored within software systems is classified based on its level of sensitivity and criticality. This classification is used to determine the appropriate level of protection required.

C. Data Encryption: Sensitive information stored within software systems is encrypted to protect it from unauthorized access.

D. Incident Response: In the event of a security incident, the organization has a documented incident response plan in place to respond to, contain, and recover from the incident.

E. User Awareness and Training: All individuals who use software systems and access information are required to receive security awareness training to understand their role in protecting information.

III. Responsibilities:
A. Information Security Officer (ISO): The ISO is responsible for developing, implementing, and maintaining the information security policies and procedures. The assignee for the calendar year 2021 is Mr. Roberto Vergani. The assignment is automatically renewed for the following year unless otherwise communicated. Declarations and formal signatures issued by the ISO cover all levels below (SA, DO).

B. System Administrators: System administrators (SA) are responsible for the day-to-day management of software systems, including access control, data encryption, and incident response. SAs are assigned for each individual project/client at the time of contract formalization.

C. Data Owners: Data owners (DO) are responsible for the information they create, store, and use within software systems. This includes ensuring the information is classified and protected appropriately. DOs are assigned for each individual project/client at the time of contract formalization.

D. Users: All individuals who use software systems and access information are responsible for following the policies and procedures outlined in this document and for reporting any suspected security incidents.

IV. Conclusion:
This document provides a framework for ensuring the security of software systems and information within DIGITAL FOREST. By following these policies and procedures, the organization can minimize the risk of security incidents and protect sensitive information from unauthorized access, use, and disclosure.

Mr. Roberto Vergani
ISO
DIGITAL FOREST