Information Security Policy
Table of Contents
- EDC Inc Information Security Policy
- 1. Purpose
- 2. Scope
- 3. Information Security Governance
- 4. User and Service Account Management
- 5. Asset Management
- 6. Change Management
- 7. Patch Management
- 8. Incident Response and Management
- 9. Physical Security
- 10. Monitoring and Operations
- 11. Compliance and Legal Requirements
- 12. Policy Review and Update
- Summary
EDC Inc Information Security Policy
The Information Security Policy of EDC Inc is a critical framework that ensures the protection of our information assets against the risks of loss, misuse, disclosure, and alteration. This document outlines the policies and procedures that are to be followed by all employees, contractors, and affiliated parties to safeguard the company’s data and technology infrastructure.
1. Purpose
The purpose of this Information Security Policy is to establish and maintain the security and confidentiality of EDC Inc’s information, as well as the integrity and availability of our systems.
2. Scope
This policy applies to all employees, contractors, and third-party users of EDC Inc who have access to the company’s information systems and data.
3. Information Security Governance
EDC Inc has established an Information Security Governance framework to provide strategic direction, ensure objectives are achieved, manage risks, and verify that the company’s resources are used responsibly.
- The IT Security Operations department is responsible for the overall coordination of the information security program.
- The IT Audit and Compliance department will ensure compliance with this policy through regular audits and reviews.
- Each IT Director and Manager within their respective departments is accountable for implementing and enforcing the information security policies and procedures.
4. User and Service Account Management
User and service accounts are critical components of EDC Inc’s information security. All user and service accounts are managed through Active Directory.
- IT Server Operations is responsible for the management and maintenance of Active Directory.
- All accounts must adhere to a strong password policy, requiring complexity and regular changes.
- Accounts must be reviewed quarterly to ensure that only authorized users have access.
5. Asset Management
EDC Inc uses CMDB as the inventory management tool to track and manage all IT assets.
- IT Database Operations is tasked with maintaining the accuracy and completeness of the CMDB.
- All assets must be registered in the CMDB with their respective owner, location, and classification information.
- Changes to IT assets must be recorded and audited to ensure the integrity of the asset database.
6. Change Management
The Change Audit Board (CAB) is responsible for overseeing all changes to IT systems and ensuring they are managed in a controlled manner.
- IT Server Build Operations will submit change requests to the CAB for review and approval.
- All changes must be documented, tested, and approved before implementation.
- Emergency changes must follow the emergency change management procedures and be reviewed post-implementation.
7. Patch Management
EDC Inc requires that each server be patched every 30 days to maintain security and system integrity, unless an “IT Exception” is approved by IT Security.
- OS patching is managed by IT Server Operations.
- Patches must be tested in a non-production environment before being rolled out to production servers.
- Exceptions must be documented and approved by IT Security Operations.
8. Incident Response and Management
IT-SOC (Incident Management) is responsible for managing information security incidents and events to ensure a consistent and effective approach to the management and resolution of incidents.
- Incidents must be reported to IT-SOC immediately upon discovery.
- IT-SOC will coordinate the response and recovery efforts, including investigation and remediation.
- Post-incident reviews are conducted to identify lessons learned and improve future response efforts.
9. Physical Security
Corporate Physical Security is responsible for the protection of EDC Inc’s physical assets, including data centers, offices, and other facilities.
- Access to sensitive areas is restricted to authorized personnel only.
- Physical access controls such as badges, locks, and surveillance systems are in place and monitored.
- Visitors must be escorted at all times within secure areas.
10. Monitoring and Operations
IT Monitoring Operations is tasked with the continuous monitoring of EDC Inc’s IT infrastructure to detect and respond to security events in a timely manner.
- Monitoring systems are in place to detect unauthorized access, system anomalies, and potential security incidents.
- Alerts generated by monitoring systems must be investigated promptly by IT-SOC.
- Regular reports are generated to provide an overview of the security posture and identify trends.
11. Compliance and Legal Requirements
EDC Inc is committed to complying with all applicable laws, regulations, and contractual obligations related to information security.
- IT Audit and Compliance is responsible for ensuring that EDC Inc meets its legal and regulatory requirements.
- Regular training and awareness programs are conducted to ensure that employees understand their compliance responsibilities.
- Violations of this policy may result in disciplinary action, up to and including termination of employment.
12. Policy Review and Update
This Information Security Policy will be reviewed and updated on an annual basis or as needed to reflect changes in legal, regulatory, or business requirements.
- The IT Security Operations department is responsible for initiating the review process.
- Stakeholders from relevant departments will be involved in the review process to ensure the policy remains relevant and effective.
- Any changes to the policy must be approved by senior management before implementation.
Summary
EDC Inc’s Information Security Policy is designed to protect the company’s information assets and ensure the resilience of our IT infrastructure. By adhering to these policies and procedures, EDC Inc demonstrates its commitment to information security and the safeguarding of its resources. The key takeaways of this policy include the importance of asset management, user account control, change management, incident response, physical security, monitoring operations, and compliance with legal requirements. All employees and affiliated parties are expected to understand and comply with this policy to maintain the security and integrity of EDC Inc’s information systems.