Security Policy

Introduction
This Policy document encompasses all aspects of security surrounding confidential company information and must be distributed to all company employees. All company employees must read this document in its entirety and sign the form confirming they have read and fully understand this policy. This document
will be reviewed and updated by Management on an annual basis or when relevant to include newly developed security standards into the policy and re-distributed to all employees and contractors where applicable.

Information Security Policy
Boner Bears AZ handles sensitive information daily. Sensitive Information must have adequate safeguards in place to protect the account data that includes cardholder data, cardholder privacy, and to ensure compliance with various regulations, along with guarding the future of the organization.


Boner Bears AZ commits to respecting the privacy of all its customers and to protecting any customer data from outside parties. To this end management are committed to maintaining a secure environment in which to process cardholder information so that we can meet these promises.


Employees handling sensitive cardholder data should ensure:

 

  • Handle Boner Bears AZ and account data information in a manner that fits with their sensitivity and classification;
  • Limit personal use of the Boner Bears AZ information and telecommunication systems and ensure it doesn’t interfere with your job performance;
  • The Boner Bears AZ reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems and network traffic for any purpose;
  • Do not use e-mail, internet and other Boner Bears AZ resources to engage in any action that is offensive, threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal;
  • Do not disclose personnel information unless authorized;
  • Protect sensitive account data including cardholder information;
  • Keep passwords and accounts secure;
  • Request approval from management prior to establishing any new software or hardware, third party connections, etc.;
  • Do not install unauthorized software or hardware, including modems and wireless access unless you have explicit management approval;
  • Always leave desks clear of sensitive cardholder data and lock computer screens when unattended;
  • Information security incidents must be reported, without delay, to the individual responsible for incident response locally – Please find out who this is.
  • Attend security awareness training on an annual basis


We each have a responsibility for ensuring our company’s systems and data are protected from unauthorized access and improper use. If you are unclear about any of the policies detailed herein you should seek advice and guidance from your line manager.