General information security policy
At bao, we recognize the value of information and privacy and have therefore implemented a security management system to control all our information security efforts. The security policy applies to everyone involved in our company.
Principles
- Protect bao solutions' information and IT assets (including but not limited to all computers, mobile devices, network equipment, software and sensitive data) against all internal, external, intentional or accidental threats and mitigate the risks associated with theft, loss, misuse, damage or abuse of these systems.
- Ensures that the information is protected against unauthorized access. Users only have access to resources for which they have been given special access authorization. The assignment of authorizations must be strictly controlled and regularly reviewed.
- Protects the CONFIDENTIALITY of information. When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized persons
- Ensures the INTEGRITY of information. The integrity of information refers to the protection of information that is modified by unauthorized persons
- Maintain the AVAILABILITY of information for business processes. Availability of information refers to ensuring that authorized parties can access the information when needed. Comply with national legal and regulatory requirements and exceed them wherever possible.
- Develops, maintains and tests business continuity plans to ensure we stay on course despite any obstacles. It's about "keeping calm and carrying on".
- Raise awareness of information security by providing information security training to all employees. Security awareness and targeted training must be consistent, responsibility for security must be reflected in job descriptions, and compliance with security requirements must be expected and accepted as part of our culture.
- Ensures that no action is taken against any employee who discloses information security concerns through reporting or direct contact with the Head of Information Security Management, unless such disclosure clearly indicates an illegal act, gross negligence or repeated willful or deliberate disregard of policies or procedures.
Report any actual or suspected information security breaches to security@bao-solutions.com or via the contact form here.