Information Security Policy
Policy Owner: LucasJarvis
Effective Date: 25.01.03.2025
Overview
This Information Security Policy is intended to protect Tekai's employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
...
All users are required to report known or suspected security events or incidents, including policy violations and observed security weaknesses. Incidents shall be reported immediately or as soon as possible by email to info@Tekaimanagers@tekai.comfi
In your email please describe the incident or observation along with any relevant details.
...
Anonymous reports may be submitted via _______enter the form to submit report___________email to managers@tekai.fi. The management team shall not share the information regarding the reports to any other employees.
Mobile Device Policy
All end-user devices (e.g., mobile phones, tablets, laptops, desktops) must comply with this policy. Employees must use extreme caution when opening email attachments received from unknown senders, which may contain malware.
...
- Devices must be locked with a password (or equivalent control such as biometric) protected screensaver or screen lock after 5 minutes on non-use
- Devices must be locked whenever left unattended
- Users must report any suspected misuse or theft of a mobile device immediately to the COOCIO
- Confidential information must not be stored on mobile devices or USB drives (this does not apply to business contact information, e.g., names, phone numbers, and email addresses)
- Any mobile device used to access company resources (such as file shares and email) must not be shared with any other person
- Upon termination users agree to return all company owned devices and delete all company information and accounts from any personal devices
...
Personnel are responsible for reading and complying with all policies relevant to their roles and responsibilities.
Role | Purpose |
AccessControlPolicy | To limit access to information and information processing systems, networks, and facilities to authorized parties in accordance with business objectives. |
AssetManagementPolicy | To identify organizational assets and define appropriate protection responsibilities. |
Business Continuity & Disaster Recovery Plan | To prepare Tekai in the event of extended service outages caused by factors beyond our control (e.g., natural disasters, man-made events), and to restore services to the widest extent possible in a minimum time frame. |
CryptographyPolicy | To ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information. |
DataManagementPolicy | To ensure that information is classified and protected in accordance with its importance to the organization. |
HumanResourcesPolicy | To ensure that employees and contractors meet security requirements, understand their responsibilities, and are suitable for their roles. |
IncidentResponsePlan | Policy and procedures for suspected or confirmed information security incidents. |
OperationsSecurityPolicy | To ensure the correct and secure operation of information processing systems and facilities. |
PhysicalSecurityPolicy | To prevent unauthorized physical access or damage to the organization's information and information processing facilities. |
RiskManagementPolicy | To define the process for assessing and managing Tekai's information security risks in order to achieve the company's business and information security objectives. |
SecureDevelopmentPolicy | To ensure that information security is designed and implemented within the development lifecycle for applications and information systems. |
Third-PartyManagementPolicy | To ensure protection of the organization's data and assets that are shared with, accessible to, or managed by suppliers, including external parties or third-party organizations such as service providers, vendors, and customers, and to maintain an agreed level of information security and service delivery in line with supplier agreements. |
Policy Compliance
Tekai will measure and verify compliance to this policy through various methods, including but not limited to ongoing monitoring, and both internal and external audits.
...
Requests for an exception to this policy must be submitted to the COO CIO for approval.
Violations & Enforcement
Any known violations of this policy should be reported to the COOCIO. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Version | Date | Description | Author | Approved by |
1.0 | 01.03.2025 | First version | Lucas |