1. INTRODUCTION
This policy outlines the responsibilities and prerequisites that must be adhered to by all individuals who access, use, manage, or manipulate data through the Abstra service or any related infrastructure. It aims to ensure the adequate protection of all Abstra's information assets.
2. SCOPE
The policy applies to all individuals (including employees, contractors, partners,suppliers, and clients) who have any form of interaction with Abstra's systems, information, and data.
3. POLICY STATEMENTS
3.1. Confidentiality, Integrity, and Availability: All information assets shall be available to authorized parties when required, and protected from unauthorized access, modification, or destruction.
3.2. User Access Management: Access to Abstra's systems and data must be strictly controlled and managed. All users must use unique credentials and privilege levels will be granted based on the necessity and role of the user.
3.3. Security Awareness and Training: Regular training measures and awareness programs will be carried out to ensure all users understand the information security norms, threats, and their roles in maintaining security.
3.4. Information Asset Management: All information assets (including hardware, software, databases, and user data) must be identified , registered, classified, and managed effectively.
3.5. Incident Management: A robust incident response plan shall be in place to respond to information security incidents. All incidents must be reported and investigated promptly.
3.6. Risk Management: Regular assessments shall be carried out to identify and mitigate security risk that may impact the framework, the cloud service, or any other associated services.
3.7. Physical Security: Appropriate measures must be implemented to ensure the physical security of all hardware related to the Abstra infrastructure.
3.8. Compliance: All individuals must comply with applicable laws, regulations, and contractual obligations regarding information security.
3.9. Customer Content: Abstra may copy, display, modify, and use Customer Content only as needed to provide and maintain the Product and related offerings to the Customer. In any situation other than regular product use, Abstra will request Customer consent to copy, display, modify, and use Customer Content. Customer is responsible for the accuracy and content of Customer Content.
4. POLICY COMPLIANCE
4.1. Compliance Monitoring: Regular audits and reviews will take place to ensure policy compliance.
4.2. Exceptions: Any exception to this policy must be authorized in advance by the appropriate authority.
4.3. Non-compliance: Any individual found to be in violation of this policy may face severe consequences, potentially including legal action.
5. POLICY GOVERNANCE
5.1. Review and Revision: This policy must be regularly reviewed and updated as necessary.
5.2. Policy Enforcement: The Abstra security team is responsible for enforcing this policy.
We trust all individuals involved with Abstra to adhere to the principles and guidelines outlined. Remember, safeguarding our framework and cloud service isn't just for the benefit of the company, but crucial to ensure the integrity, confidentiality, and availability of the services we provide to all our clients and users. Failure to comply with the Information Security Policy may lead to repercussions including, but not limited to, revocation of access, disciplinary action, termination of contract, or legal implications.
It is by acknowledging these rules and responsibilities that we can effectively protect not only Abstra's critical information assets, but also maintain the trust and confidence of our users, customers, and partners. We must all work together to maintain a safe and secure digital environment.
