Information Transmission Policy

This policy defines the Information Transmission methods permissible for certain types of business information. Without such controls on Information Transmission, we risk the loss or compromise of its data which could adversely affect our business.

You can download the policy from here: Information Transmission Policy

Information Transmission Policy

    POLICY: INFORMATION TRANSMISSION POLICY
Effective: 	March 2021
Version: 		EC21

This policy defines the Information Transmission methods permissible for certain types of business information. Without such controls on Information Transmission, we risk the loss or compromise of its data which could adversely affect our business. 

PURPOSE
Not all business information needs the same level of security to be applied.  The level required will depend on the data’s value to the firm and its vulnerability to particular threats. This policy allows for adequate resources – neither too much nor too little – to be applied on a case-by-case basis in a logical manner.


SCOPE
This policy applies to employees, contractors, consultants, temporaries, and other workers at {{company_name}}, including all personnel affiliated with third parties. 

POLICY
Introduction
Transmission of information can ONLY be done via our file sharing application, [Secure].  The classification of the information involved will determine which if DRM and further safety mechanisms are required. Further information relating to these can be found listed below.

Classifications for Transmission 
Internal Use & Confidential: is information that contains sensitive business information that is for general readership within the firm. This information may include such documents as Quarterly Reports and Inter-Division communications. As a minimum requirement ‘Internal Use’ and ‘Confidential’ data may only exist within the [Secure] file structure. It can only be shared directly within [Secure] and when send externally must use DRM and be shared via encrypted link.

Highly Confidential: is information that is sensitive and limited to members of the business who have a legitimate purpose for accessing such data. Because of proprietary, ethical or privacy considerations, data which has been classified Highly Confidential that must be protected from unauthorised access, modification, storage or other use.  This classification is only available to Directors and is fully DRM protected. Highly Confidential cannot be shared outside of the firm without the CEO’s permission.

Client Confidential: is ANY information about a client, services provided to that client or reports for that client. Client information is ONLY shared with the designated client contact and is done so using the encrypted link sharing with [Secure]. The file(s) should not be DRM protection but rather password protected (12 character passwords) with first 6 characters being sent via email and the second 6 characters being sent via SMS. The download should be limited to 1 and the expiry set to 7 days.

COMPLIANCE
Compliance Measurement
The {{company_name}} Team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions
Any exceptions to the policy must be approved by the CEO in advance.

Non-Compliance	
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

RELATED STANDARDS, POLICIES AND PROCESSES

•	 All

REVISION HISTORY

•	...
    


Get in Touch

Kindly fill the form and we will get back to you.

Contact us if you are experiencing a Cyber IncidentHaving a Cyber Incident?