DataByte Information Security Policy

DataByte takes the protection of company and client information very seriously. We have implemented a detailed Information Security Management System (ISMS) that covers everything from general employee behavior to specific technical measures. The companty achieved international certification based on the ISO 27001:2022 standard.
What does the Policy Cover ?
DataByte’s Information Security Policy covers a wide array of security areas to ensure comprehensive protection of company and client data. These areas include, but are not limited to:
  • Employee Conduct: Guidelines on how employees must handle sensitive company and customer information, maintaining its confidentiality, and the appropriate use of company information assets.
  • Password Management: Enforces complex passwords, changing them periodically and the prohibition of reusing old passwords, enhancing the security of user accounts.
  • Computer Viruses and Malware: Mandates the use of current virus-screening software on all company systems and strict procedures for handling files from third parties to prevent malware infections.
  • Data Encryption: Stipulates that sensitive information, when transmitted over network or stored on media, must be encrypted using approved commercial products, securing data at rest and in transit.
  • Use of Portable Devices and Media: Directs how transportable computers and media containing sensitive information should be handled securely, especially during travel.
  • USB Storage Device Usage: Limits the use of USB storage devices to prevent unauthorized data transfers, with strict enforcement through technical controls.
  • Email: Usage: Details the acceptable practices for electronic mail, including account management, forwarding, user identity, content regulations, and handling spam.
  • Network and Remote Access Security: Covers the secure setup and maintenance of networks, including firewalls, secure access protocols, and continuous monitoring.
  • Incident Response: Outlines the procedures for managing security incidents, specifying roles and responsibilities for an efficient response to threats or breaches.
  • Teleworking Security: Provides guidelines for remote workers to ensure the security of data and devices when accessed or used outside the office.
  • Equipment and Information Security: Advocates for keeping sensitive information secure through a clear desk policy and protecting logs to maintain an untampered audit trail.

This comprehensive coverage ensures that different aspects of information security are addressed, from user behavior and technical measures to handling potential security incidents and maintaining the integrity of remote work environments.

Through these practices, DataByte ensures the highest level of protection for both our and our clients’ information, fostering a secure and trustworthy digital environment.