Information Security and Data Handling

Classifying and Protecting Information

Every piece of data we handle is classified into one of four categories: Public, Internal, Confidential, or Restricted. You are responsible for understanding the classification of the data you work with. Public data can be shared freely; however, Restricted data (such as customer credit card info or trade secrets) must be encrypted and only stored in approved systems. Never send Confidential files via personal email or unmanaged chat apps. We perform regular audits of our file shares to ensure data is correctly labeled and accessible only to authorized users. Protecting our clients' data is our most important legal and ethical obligation. Security is not just a technical control; it is a mindset. By following these handling procedures, you prevent the data leaks that can devastate a company's reputation. Responsibility starts with you.

Reporting Data Breaches and Incidents

If you suspect that sensitive data has been accidentally shared with the wrong person or if your laptop is lost, you must report it to the Security Operations Center (SOC) within one hour. Rapid reporting is the only way we can mitigate the impact of a potential breach. We follow a 'No Blame' culture for reporting mistakes; our priority is to secure the data, not to punish the individual. After an incident is resolved, we conduct a 'Lessons Learned' session to improve our processes. You are encouraged to use our anonymous reporting hotline if you see a colleague consistently violating data policies. Cybersecurity is a team effort, and your vigilance is our best defense against increasingly complex threats. Staying compliant with our data policies ensures our long-term business success. We value your role as a guardian of our digital assets. Safety and integrity are our standards. Together we are building a more secure digital world.