1. Introduction

This Security and Compliance Policy outlines the principles and practices that Identity Gram follows to ensure the security of its operations, data, and compliance with relevant laws and regulations. The policy highlights our commitment to protecting the confidentiality, integrity, and availability of sensitive information.

2. Information Security

2.1. Data Classification

All data processed and stored by Identity Gram is classified based on sensitivity, and appropriate security controls are applied accordingly.

2.2. Access Control

Access to systems, applications, and data is granted on a need-to-know basis. Role-based access controls are implemented to limit unauthorised access.

2.3. Authentication and Authorization

Strong authentication mechanisms and multi-factor authentication (MA) are used to ensure proper user identification and authorization.

2.4. Encryption

Data in transit and at rest is encrypted using industry-standard encryption protocols to protect against unauthorised access.

3. Data Protection and Privacy

3.1. Data Processing

Identity Gram processes personal data in accordance with applicable data protection laws and regulations. We collect, store, and process data only for legitimate and specified purposes.

3.2. Data Retention

Data is retained only for the duration required by law or for legitimate business purposes. After the retention period, data is securely disposed of.

3.3. Consent and User Rights

We respect user privacy and rights. User consent is obtained for data processing, and individuals are provided with access to their data and the ability to request corrections or deletions.

4. Compliance with Regulations

4.1. GDPR Compliance

Identity Gram complies with the General Data Protection Regulation (GDPR) requirements when processing personal data of EU citizens.

4.2. AML and KYC Regulations:

We adhere to Anti-Money Laundering (AML) and Know Your Customer (KY) regulations, where applicable, to ensure proper identification and verification of users.

4.3. Regulatory Reporting:

Identity Gram maintains records and provides necessary reports to comply with relevant industry and regulatory standards.

5. Incident Management

5.1. Security Incident Response

We maintain an incident response plan to detect, respond to, and mitigate security incidents. Incidents are reported, investigated, and resolved promptly.

5.2. Data Breach Notification

In case of a data breach, Identity Gram follows a predefined process to assess the situation, notify affected parties, and take appropriate remedial actions.

6. Employee Training and Awareness

6.1. Security Training

All employees receive regular security training to understand security best practices, data handling guidelines, and their roles in ensuring security.

6.2. Awareness Programs:

We conduct awareness programs to educate employees about data protection, privacy, and compliance obligations.

7. Continuous Improvement

Identity Gram is committed to continuous improvement of its security and compliance practices. We regularly review and update our policies, procedures, and security measures to adapt to changing threats and regulations.

8. Contact Information

For questions or concerns related to this Security and Compliance Policy, please contact our Security and Compliance team at Info@identitygram.co.uk