Reset Filters

Information Security Policy

Purpose 

This document defines the technical controls and security configurations required to ensure the integrity and availability of the data environment at eOne Solutions. It serves as a central policy document with which all employees and contractors must be familiar and defines actions that all users must follow.

The purpose of this Information Security Policy is to provide a comprehensive framework for:

  • Ensuring that regular review of this manual is conducted at a minimum annually or more frequently as needed.
  • Protecting the confidentiality, integrity, and availability of eOne Solutions assets.
  • Protecting eOne Solutions, its employees, and clients from the illicit use of eOne Solutions information assets and information resources.
  • Ensuring the effectiveness of information security controls over information assets and information resources that support eOne Solutions operations.
Scope 

This policy applies to all employees, users, and third parties who access or use eOne Solutions information assets, regardless of physical location.

IT resources include all company-owned, licensed, leased, or managed hardware and software and use the eOne Solutions network via a physical or wireless connection, regardless of the ownership of the computing device connected to the network.

Policy 
  • The Information Security Policy is a master document for all policies and procedures established in the company.
  • All other policies aim to support this policy in describing requirements and processes and setting definite rules for supporting a strong level of Information Security.
  • Each policy has an owner who is responsible for:
    • Ensuring that it is kept up to date.
    • Ensuring that it is understandable and reflects the current state of information security.
    • Ensuring that it is communicated to all employees.
  • Policies and procedures are reviewed annually or in case of change and approved by the Security Committee.
  • All Information Security documentation is shared with all eOne employees.
Communication Security
  • Employees must use only approved ways for communication: phone, email, chat, or other for corporate use only.
  • Employees should not open any attachments from unknown senders or when received unexpectedly.

For more information on this topic, refer to eOne Solutions Acceptable Use Policy.

Data Classification

Here are some recommendations for securing confidential information:

  • Do not disclose the confidential data without proper authorization and ensure that person has the NDA signed with eOne Solutions.
  • Do not download any company’s data on your personal device.
  • Lock or secure, confidential paper documents always.
  • Destroy confidential documents when they’re no longer needed.
  • Encrypt electronic data.
  • Make sure employees view confidential data on secure devices.
  • Avoid transferring sensitive data to other devices or accounts unless necessary.
  • Ensure that the recipients of transferred sensitive data are properly authorized people and respective organizations have adequate security policies.
  • Return any confidential data and delete it from personal devices (where applicable) when employees stop working for our company.
  • Employees should not:
    • Use confidential information for any personal benefit or profit.
    • Replicate confidential data and store it on insecure devices.

For more information on Data Classification, refer to eOne Solutions Data Classification Policy.

Security Awareness

Employees are obligated to participate in the Securing Awareness training sessions upon starting employment and annually after that. The training material is selected by the Information Security Manager and approved by the Information Security Committee. The understanding of given material is checked in the form of a Questionnaire.

Prohibited Activities

Personnel is prohibited from the activities that are referenced in all other sub-policies – eOne Solutions Information Security policies.

Compliance and Enforcement 

Compliance with this policy is mandatory. Non-compliance may result in disciplinary action, up to and including termination of employment.

Change, Review, and Update 

This policy shall be reviewed once every year unless the owner considers an earlier review necessary to ensure that the policy remains current. Changes to this policy shall be exclusively performed by the Information Security Manager and approved by the IT Committee.  

Responsibility 

This is the responsibility of the Information Security Manager to maintain and make sure everyone is aware of this policy. 

Revisions 
  • 19 September 2024 
  • This policy will be reviewed for continued completeness, relevance, and accuracy at yearly intervals or less. 
Need to contact us?

If there are any questions regarding this Information Security Policy, you may contact us using the information below.

4170 41st Avenue South, Suite 101
Fargo, ND 58104
USA

+1 888-319-3663

privacy@eonesolutions.com