
Security Policy

1 Purpose

This policy outlines the security measures and practices required to protect the information assets of Anna Malone Coaching Ltd, including Image Insight. Its goal is to ensure the confidentiality, integrity, and availability of our systems, data, and customer information.

2 Scope

This policy applies to all employees, contractors, vendors, and third parties who have access to Anna Malone Coaching’s information systems or handle customer data.

3 Roles and Responsibilities

  • Chief Technology Officer (CTO): Responsible for the implementation and maintenance of the security policy.
  • Employees: Must adhere to security guidelines and report any suspicious activities or breaches.
  • Third-Party Contractors: Must comply with the security standards outlined in this policy and sign a Non-Disclosure Agreement (NDA) if accessing customer or business data.

4 Data Classification and Protection

4.1 Data Classification

  • Confidential Data: Includes customer data, intellectual property, financial information.
  • Internal Use Only: Business processes, internal communications, non-public data.
  • Public Data: Marketing materials, publicly available information.

4.2 Data Protection Measures

  • All confidential and internal data must be encrypted both in transit and at rest.
  • Regular backups of critical data must be maintained and stored in secure, geographically redundant locations.
  • Access to customer and confidential data is restricted to authorised personnel only.

5 Access Control

  • User Accounts: All employees and third parties must have unique user accounts. No shared accounts are allowed.
  • Authentication: Multi-factor authentication (MFA) must be enabled for all access to internal systems and confidential data.
  • Password Policy: All passwords used for access to internal systems and confidential data must be at least 12 characters long and randomly generated.

6 Software Development and Security

  • All software must undergo regular security assessments and code reviews.
  • Use secure coding practices (e.g., input validation, proper error handling, and avoiding hard-coded credentials).
  • Critical software updates and patches must be applied promptly.
  • Third-party libraries and frameworks must be kept up to date and vetted for security vulnerabilities.

7 Network Security

  • Use firewalls to segment and protect internal networks.
  • Ensure that all devices connected to the network have up-to-date antivirus software and are regularly scanned for vulnerabilities.
  • Secure Wi-Fi networks with strong encryption and hidden SSIDs.

8 Incident Response Plan

  • All employees must report any suspected security incidents to the CTO immediately.
  • An incident response plan must be in place and regularly tested.
  • In case of a breach, affected customers will be notified within 72 hours, and corrective actions will be taken immediately to contain and resolve the issue.

9 Physical Security

  • Equipment such as laptops, servers, and external drives must be secured with strong passwords and encryption.

10 Compliance and Auditing

  • Regular internal audits will be conducted to ensure compliance with this security policy.
  • We will adhere to all relevant data protection laws and industry standards (e.g., GDPR, SOC 2) as applicable.
  • Any changes to security policies will be communicated to all employees and third-party contractors.

11 Training and Awareness

  • All employees will undergo annual security awareness training.
  • Employees must stay up to date on the latest security threats and practices, especially those relevant to SaaS businesses.

12 Vendor and Third-Party Security

  • Vendors and third-party partners must adhere to similar security practices and standards as Anna Malone Coaching.

13 Policy Review

This policy will be reviewed and updated annually or whenever there are significant changes in the business, technology, or regulatory environment.

Last updated: September 07, 2024