At Lorann LLC, our commitment to safeguarding the data and information of our clients, employees, and partners is unwavering. The Data Security Policy delineates our approach to managing data security risks, preserving our information assets, and ensuring compliance with relevant laws and industry standards.
Scope:
This policy is applicable to all individuals, including employees, contractors, and third parties, who access Lorann LLC’s data and information systems.
Data Classification:
Data within Lorann LLC is categorized as follows:
- Confidential: Information that, if disclosed, could cause harm to Lorann LLC or its stakeholders.
- Internal Use Only: Information not intended for public dissemination but unlikely to cause harm if disclosed.
- Public: Information authorized for public release.
Roles and Responsibilities:
Employees are accountable for adhering to this policy and protecting the data they handle. The IT Department is tasked with ensuring the operational security of all IT systems and infrastructure.
Data Protection Measures:
- Access Control: Data access is granted based on the principle of least privilege, ensuring that users only have access to data necessary for their job functions.
- Encryption: Industry-standard encryption methods are employed to encrypt data in transit and at rest, preventing unauthorized access.
- Physical Security: Access to Lorann LLC’s premises is controlled and monitored, and secure disposal methods are utilized for all physical records.
- Network Security: Our network is safeguarded through the use of firewalls, intrusion detection/prevention systems, and regular security assessments.
- Employee Training: Regular data security training is provided to all employees to familiarize them with their responsibilities and the importance of data protection.
Data Retention and Disposal:
Data is retained only for the necessary duration or as required by law, and secure methods are used for the disposal or deletion of data no longer needed.
Compliance and Review:
This policy will undergo annual review or be updated in response to significant business or regulatory changes. All employees and relevant third parties are expected to comply with this policy, and non-compliance may lead to disciplinary action, including termination of employment or contracts.
If you have any questions about this privacy policy, please contact us at [email protected]