MobiCards Information Security Policy

1. Purpose

• The purpose of this Information Security Policy is to protect the information assets of MobiCards (including digital business cards and online shop services) from all threats, whether internal or external, deliberate or accidental. This policy aims to ensure the confidentiality, integrity, and availability of information.

2. Scope

• This policy applies to all employees, contractors, consultants, temporary workers, and other workers at MobiCards, including all personnel affiliated with third parties. It covers all information assets, including data, systems, networks, and physical infrastructure.

3. Information Security Principles

• Confidentiality: Ensuring that information is accessible only to those authorized to have access.
• Integrity: Safeguarding the accuracy and completeness of information and processing methods.
• Availability: Ensuring that authorized users have access to information and associated assets when required.

4. Roles and Responsibilities

• Management: Responsible for establishing and maintaining the security framework and for promoting a culture of security awareness.
• Information Security Team: Responsible for implementing, managing, and enforcing security measures.
• Employees and Users: Responsible for adhering to security policies and procedures and for reporting security incidents.

5. Information Classification

• Information assets must be classified according to their sensitivity and criticality. The classification levels include:
  • Public: Information intended for public dissemination.
  • Internal: Information intended for internal use within MobiCards.
  • Confidential: Sensitive information requiring strict access control.

6. Access Control

• Access to information and information systems is granted on a need-to-know basis and must be authorized by the appropriate level of management.
• Strong passwords and multi-factor authentication (MFA) are required for accessing sensitive systems.

7. Data Protection

• All sensitive data must be encrypted both in transit and at rest.
• Regular backups must be performed and stored securely to ensure data recovery in case of loss or corruption.

8. Network Security

• Network access controls, firewalls, and intrusion detection systems must be implemented to protect against unauthorized access and threats.
• Regular vulnerability assessments and penetration testing must be conducted to identify and remediate security weaknesses.

9. Physical Security

• Physical access to facilities housing sensitive information must be restricted to authorized personnel only.
• Security measures such as surveillance cameras, access control systems, and security guards must be employed to protect physical assets.

10. Incident Response

• A formal incident response plan must be in place to handle security incidents promptly and effectively.
• All employees must be trained on how to recognize and report security incidents.

11. Training and Awareness

• Regular security training and awareness programs must be conducted for all employees to ensure they understand their roles and responsibilities regarding information security.

12. Compliance and Monitoring

• Compliance with this policy and related procedures must be regularly monitored through audits and reviews.
• Non-compliance must be addressed through appropriate disciplinary measures.

13. Policy Review

• This Information Security Policy must be reviewed annually and updated as necessary to ensure its continued relevance and effectiveness.

14. Contact Information

• For any questions or concerns regarding this Information Security Policy, please contact us at [email protected].

This Information Security Policy outlines the measures MobiCards takes to protect its information assets. It is designed to provide a framework for maintaining the confidentiality, integrity, and availability of information. For comprehensive legal and regulatory compliance, it is recommended to consult with a legal professional.