Information Security Policy

Last Updated: 04/01/2024

At CrowdSurf Services, we prioritize the protection of our information assets and the continuity of our core and supporting business operations. Our Information Security Policy is designed to ensure the confidentiality, integrity, and availability of information, aligning with our strategic business objectives and regulatory requirements.

  1. Objective: The objective of our Information Security Management System is to safeguard our information assets from all threats, maintain the confidentiality of information, ensure the integrity of data and processing methods, and ensure the availability of information when needed. We are committed to continual improvement towards an organization-wide Information Security Management System.
  2. Confidentiality: We strive to maintain the confidentiality of information by ensuring that it is accessible only to authorized individuals. We implement appropriate measures to prevent unauthorized access, including access controls, user authentication, and encryption technologies. Additionally, we regularly review and update our security controls to mitigate risks and protect sensitive information.
  3. Integrity: We prioritize the integrity of our information and its processing methods. We take steps to ensure the completeness and accuracy of information, preventing unauthorized modification, tampering, or destruction. This includes implementing data validation processes, maintaining secure backups, and conducting regular system audits to detect and address any vulnerabilities or anomalies.
  4. Availability: We guarantee the availability of information and associated assets to authorized users when required. We maintain the functionality and reliability of our hardware and software systems through regular maintenance, monitoring, and updates. Critical resources are redundantly designed to minimize disruptions to our operations. Furthermore, we have implemented robust business continuity management and capacity management practices to ensure seamless availability of our services.
  5. Compliance: We are committed to complying with all legal, regulatory, statutory, and contractual obligations related to information security. We regularly review and update our policies and practices to align with evolving laws and regulations. Our compliance efforts encompass data protection laws, industry standards, and any specific contractual requirements relevant to our business operations.
  6. Responsibility: Ensuring information security is the responsibility of every employee and stakeholder at CrowdSurf Services. We provide adequate training and awareness programs to educate our employees about their responsibilities in maintaining information security. Additionally, we designate accountable individuals to oversee the implementation and effectiveness of our Information Security Management System.
  7. Continual Improvement: We strive for continual improvement in our Information Security Management System. We regularly assess risks, monitor security incidents, and implement corrective actions to enhance our security measures. We encourage feedback from employees, customers, and stakeholders to identify areas for improvement and ensure the effectiveness of our information security practices.

Information Security Objectives At CrowdSurf Services, we have established specific objectives to guide our information security efforts. These objectives reflect our commitment to protecting our information assets and ensuring the confidentiality, integrity, and availability of information. The objectives are as follows:

  1. Develop and implement an Information Security Management System (ISMS): We will create and implement an ISMS that effectively protects our organization's information and information systems from internal and external threats. This system will provide a framework for managing information security risks and ensure that appropriate controls are in place.
  2. Compliance with regulatory, legal, and business requirements: We are committed to complying with all applicable regulatory, legal, and business requirements related to information security. We will stay updated on the evolving landscape of laws and regulations to ensure our practices remain in accordance with the latest requirements.
  3. Ensure confidentiality, integrity, and availability of Information Assets: We will prioritize the confidentiality, integrity, and availability of our information assets. This includes implementing controls to prevent unauthorized access, ensuring the accuracy and completeness of data, and maintaining the availability of information and associated assets when needed.
  4. Communication of security policies: We will effectively communicate our security policies to all employees, contractors, and vendors who have access to our information assets. Clear and concise policies will be provided to ensure that everyone understands their roles and responsibilities in maintaining information security.
  5. Identify information assets and assess risks: We will identify our information assets and conduct appropriate risk assessments to understand their vulnerabilities and the potential threats they may face. This will enable us to prioritize and implement necessary controls to mitigate risks effectively.
  6. Mitigate risks through controls: Based on the results of risk assessments, we will develop and implement a risk treatment plan to mitigate identified risks. Adequate controls will be documented and implemented to address vulnerabilities and protect our information assets.
  7. Annual information security awareness training: We will provide annual information security awareness training to all employees to ensure they have the necessary knowledge and understanding of information security best practices. This training will help foster a culture of security awareness and accountability within our organization.
  8. Implement appropriate access controls: We will establish and enforce appropriate access controls to protect against unauthorized access to our information assets. Access privileges will be granted based on the principle of least privilege, ensuring that individuals have access only to the information necessary for their roles.

These information security objectives guide our efforts in protecting our information assets and maintaining a secure environment. We are committed to continually improving our information security practices and adapting to emerging threats and technologies. By aligning our actions with these objectives, we aim to instill confidence in our employees, contractors, and vendors regarding the security of our information assets.

By adhering to these objectives, we demonstrate our commitment to maintaining a strong information security posture and protecting our information assets. This policy applies to all CrowdSurf Services employees, contractors, and vendors, emphasizing the shared responsibility in maintaining information security.

For any questions or concerns regarding our Information Security Policy or the handling of information security matters, please contact us at privacy@crowdsurfcompany.com.