The Confidential Information – Breaches and Escalation Policy sets out the escalation procedures to follow in the event of a breach of confidential information within Company and requirements regarding the protection of confidential information with third party service providers.
Company supervisors are required to establish and maintain legal, administrative, technical and physical safeguards for the protection of confidential information and records containing such information, including requirements for the proper and secure transfer (including between Company entities) and disposal of media containing such information and requirements to notify affected parties and regulators of certain security breaches involving confidential information.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. CONFIDENTIAL INFORMATION
4. THIRD PARTY AGREEMENTS
5. ESCALATION STEPS FOR UNAUTHORIZED ACCESS TO CONFIDENTIAL INFORMATION
6. INTEGRITY HOTLINE
7. SUPERVISORY RESPONSIBILITIES
9. FINAL CONSIDERATIONS
9.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
9.2 DOCUMENT REVISION
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.
The objective of the Information Security Incident Policy is to set up the foundation of security incidents management in order to minimize the damage and malfunctions, and to monitor and learn from such incidents.