BRAWT Company
SECURITY POLICY

Effective Date: 1 January 2024

BRAWT Company (“we,” “us,” or “our”) is committed to ensuring the security and protection of the data and information we handle. This Security Policy outlines the measures we take to safeguard our systems, data, and the privacy of our users.

 

1. Purpose

The purpose of this Security Policy is to define our approach to securing data, systems, and services, and to provide guidelines for maintaining a secure environment.

 

2. Scope

This policy applies to all employees, contractors, vendors, and any other individuals or entities with access to our systems and data.

 

3. Security Measures

3.1 Access Control:

  • Authorisation: Access to our systems and data is restricted to authorised personnel only. Access levels are based on job responsibilities and the principle of least privilege.
  • Authentication: Strong authentication mechanisms, such as multi-factor authentication (MFA), are used to verify the identity of users accessing our systems.

3.2 Data Protection:

  • Encryption: Sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols.
  • Data Minimisation: We collect and retain only the minimum amount of personal data necessary for our operations and legal obligations.

3.3 Network Security:

  • Firewalls: Firewalls are used to protect our internal networks from unauthorised access and external threats.
  • Intrusion Detection and Prevention: Intrusion detection and prevention systems (IDPS) are deployed to monitor and respond to potential security incidents.

3.4 Physical Security:

  • Facility Security: Our facilities are secured with physical access controls, surveillance systems, and security personnel to prevent unauthorised entry.
  • Device Security: All company devices are secured with encryption, password protection, and anti-malware software.

3.5 Incident Response:

  • Incident Management: We have an incident response plan in place to detect, respond to, and recover from security incidents. Incidents are documented, and post-incident reviews are conducted to improve our security posture.
  • Notification: In the event of a data breach, affected parties will be notified in accordance with legal and regulatory requirements.

3.6 Employee Training:

  • Security Awareness: Employees receive regular training on security best practices, data protection, and how to identify and report security threats.
  • Policy Acknowledgment: Employees are required to acknowledge and comply with our security policies and procedures.

3.7 Third-Party Security:

  • Vendor Management: We conduct due diligence and security assessments of third-party vendors and partners to ensure they meet our security standards.
  • Contracts: Security requirements and data protection obligations are included in contracts with third-party vendors and partners.

4. Compliance

4.1 Regulatory Compliance: We comply with all applicable data protection and privacy laws, including GDPR, CCPA, and any other relevant regulations.

4.2 Internal Audits: Regular internal audits are conducted to ensure compliance with this policy and to identify and address any security vulnerabilities.

 

5. Policy Review

This Security Policy is reviewed and updated annually or as needed to reflect changes in our operations, regulatory requirements, or industry best practices.

 

6. Contact Information

For any questions or concerns regarding this Security Policy, please contact us by using the form below.

 

 

By adhering to this Security Policy, we ensure the protection of our systems, data, and the privacy of our users.

 

Contact Us

If you have any questions or concerns about our policies, please don’t hesitate to reach out. Fill out the form, and we will respond within 24 hours (excluding weekends).