Security And Compliance Policy
1. Introduction
This Security and Compliance Policy outlines the principles and practices that Identity Gram follows to ensure the security of its operations, data, and compliance with relevant laws and regulations. The policy highlights our commitment to protecting the confidentiality, integrity, and availability of sensitive information.
2. Information Security
2.1 Data Classification
All data processed and stored by Identity Gram is classified based on sensitivity, and appropriate security controls are applied accordingly.
2.2 Access Control
Access to systems, applications, and data is granted on a need-to-know basis. Role-based access controls are implemented to limit unauthorised access.
2.3 Authentication and Authorisation
Strong authentication mechanisms and multi-factor authentication (MA) are used to ensure proper user identification and authorisation.
2.4 Encryption
Data in transit and at rest is encrypted using industry-standard encryption protocols to protect against unauthorised access.
3. Data Protection and Privacy
3.1 Data Processing
Identity Gram processes personal data in accordance with applicable data protection laws and regulations. We collect, store, and process data only for legitimate and specified purposes.
3.2 Data Retention
Data is retained only for the duration required by law or for legitimate business purposes. After the retention period, data is securely disposed of.
3.3 Consent and User Rights
We respect user privacy and rights. User consent is obtained for data processing, and individuals are provided with access to their data and the ability to request corrections or deletions.
4. Compliance with Regulations
4.1. GDPR Compliance
Identity Gram complies with the General Data Protection Regulation (GDPR) requirements when processing personal data of EU citisens.
4.2. AML and KYC Regulations
We adhere to Anti-Money Laundering (AML) and Know Your Customer (KY) regulations, where applicable, to ensure proper identification and verification of users.
4.3. Regulatory Reporting
Identity Gram maintains records and provides necessary reports to comply with relevant industry and regulatory standards.
5. Incident Management
5.1. Security Incident Response
We maintain an incident response plan to detect, respond to, and mitigate security incidents. Incidents are reported, investigated, and resolved promptly.
5.2. Data Breach Notification
In case of a data breach, Identity Gram follows a predefined process to assess the situation, notify affected parties, and take appropriate remedial actions.
6. Employee Training and Awareness
6.1. Security Training
All employees receive regular security training to understand security best practices, data handling guidelines, and their roles in ensuring security.
6.2. Awareness Programs:
We conduct awareness programs to educate employees about data protection, privacy, and compliance obligations.
7. Continuous Improvement
Identity Gram is committed to continuous improvement of its security and compliance practices. We regularly review and update our policies, procedures, and security measures to adapt to changing threats and regulations.
8. Contact Information
For questions or concerns related to this Security and Compliance Policy, please contact our Security and Compliance team at info@identitygram.co.uk.