Data Security Policy
1. Introduction:
Welcome to the Data Security Policy of Owned By All, a commitment to safeguarding the integrity, confidentiality, and availability of our data. This policy outlines our dedication to compliance with relevant laws and standards, ensuring the highest standards of data security. As CEO, I, Shane Appleyard, take personal responsibility for overseeing the implementation of this policy.
2. Scope:
This policy applies to all employees, contractors, and third parties associated with Owned By All. It governs the handling, processing, and storage of data across all facets of our operations, reinforcing our commitment to a secure digital environment.
3. Data Classification:
Data at Owned By All is classified into categories such as Public, Confidential, and Personally Identifiable Information (PII). Each category has specific handling procedures to ensure appropriate protection. It is imperative that employees understand and adhere to these classifications.
4. Access Controls:
Owned By All implements robust access controls to ensure data security:
- User Authentication Protocols: We employ secure authentication methods to verify the identity of users.
- Authorization Levels and Access Permissions: Access permissions are defined based on job roles, with strict authorization levels.
- Multi-Factor Authentication Implementation: Multi-factor authentication adds an extra layer of security for user access.
5. Data Encryption:
Data encryption is a fundamental aspect of our data security strategy:
- Encryption Standards for Data in Transit: We adhere to industry standards to encrypt data during transit.
- Encryption Protocols for Data at Rest: Data at rest is securely encrypted using established protocols.
- Key Management Procedures: Proper key management ensures the integrity of our encryption processes.
6. Data Storage and Transmission:
We follow stringent guidelines for the storage and transmission of data:
- Guidelines for Secure Data Storage: Secure storage protocols are in place to protect sensitive information from unauthorized access.
- Protocols for Secure Data Transmission: Data transmission follows secure protocols to prevent interception or tampering.
- Storage and Transmission of Sensitive Information: Special attention is given to the secure handling of sensitive information during storage and transmission.
7. Password Policies:
Our password policies are designed to enhance data security:
- Password Strength Requirements: Passwords must meet specific complexity criteria for enhanced security.
- Regular Password Updates: Periodic updates ensure ongoing protection against unauthorized access.
- Policies for Storing and Retrieving Passwords: Secure protocols govern the storage and retrieval of passwords.
8. Security Training and Awareness:
We prioritize employee training and awareness to maintain a security-conscious culture:
- Employee Training Programs: Comprehensive training programs educate employees on security best practices.
- Periodic Awareness Campaigns: Regular campaigns reinforce security awareness throughout the organization.
- Reporting Procedures for Security Concerns: Clear reporting channels are established for employees to raise security concerns.
9. Incident Response:
Our incident response plan ensures a swift and effective response to security incidents:
- Clearly Defined Incident Reporting Procedures: Employees follow clear procedures for reporting security incidents.
- Escalation Protocols: Incident escalation procedures are in place for timely resolution.
- Steps for Investigating and Resolving Security Incidents: A structured approach guides the investigation and resolution of security incidents.
10. Security Audits and Assessments:
We conduct regular audits and assessments to ensure robust security controls:
- Regular Audits of Security Controls: Scheduled audits assess the effectiveness of our security controls.
- Vulnerability Assessments: Ongoing vulnerability assessments identify and address potential security vulnerabilities.
- Penetration Testing Procedures: Regular penetration testing evaluates the resilience of our systems against simulated attacks.
11. Data Backups:
Our data backup procedures prioritize data integrity and availability:
- Regular Backup Schedules: Data is regularly backed up according to defined schedules.
- Offsite Storage Protocols: Backup data is stored securely in offsite locations for redundancy.
- Data Recovery Procedures: Well-defined procedures are in place for the swift and secure recovery of data.
12. Third-Party Security:
We ensure the security of data handled by external collaborators:
- Assessment of Third-Party Security Measures: Third-party security measures are thoroughly assessed for compliance.
- Requirements for Third-Party Compliance: Clear requirements are communicated to external collaborators to ensure compliance.
- Data Handling Protocols for External Collaborators: Protocols govern the secure handling of data by external collaborators.
13. Physical Security:
We implement robust physical security measures to safeguard data:
- Physical Access Controls to Data Centers: Access to data centers is restricted and monitored.
- Protection of Hardware and Storage Facilities: Hardware and storage facilities are secured against unauthorized access.
- Surveillance and Monitoring Systems: Surveillance systems are in place to monitor physical access points.
14. Privacy Policies:
Our privacy policies align with global regulations to protect personal data:
- Alignment with Privacy Regulations: We adhere to privacy regulations such as GDPR and CCPA to protect user privacy.
- Handling Personal Data and Privacy Measures: Strict measures are in place for handling and securing personal data.
15. Compliance:
We are committed to legal and regulatory compliance:
- Declaration of Commitment to Legal and Regulatory Compliance: We declare our commitment to complying with all relevant laws and regulations.
- Regular Updates to Policies Based on Changes in Laws: Policies are regularly updated to reflect changes in legal and regulatory requirements.
16. Enforcement:
We enforce our data security policies with diligence:
- Consequences for Policy Violations: Violations of policies will result in appropriate consequences.
- Disciplinary Actions for Non-Compliance: Non-compliance with policies may lead to disciplinary actions.
- Whistleblower Protection Mechanisms: We provide mechanisms to protect whistleblowers reporting security concerns.
17. Policy Review and Revision:
We regularly review and update our data security policies:
- Regular Review of Policy Effectiveness: Policies are regularly reviewed to assess their effectiveness.
- Procedures for Policy Updates: Defined procedures are followed for updating and revising policies.
- Communication of Policy Revisions to Relevant Parties: Revised policies are communicated to all relevant parties.
18. Contacts:
For security concerns and incident reporting, please contact:
- Designated Contacts for Security Concerns: Shane Appleyard, CEO – privacy@ownedbyall.com
- Reporting Channels for Security Incidents: Follow the designated reporting channels for reporting security incidents.
19. Acknowledgment:
We require all employees to acknowledge and adhere to our data security policies:
- Requirement for Employees to Acknowledge Understanding of the Policy: All employees must acknowledge their understanding of the policy.
- Periodic Reaffirmation of Compliance: Employees will periodically reaffirm their commitment to compliance with the policy.
20. Document Control:
We maintain strict control over the documentation of our data security policies:
- Version Control and Document History: Policies undergo version control, and a documented history is maintained.
- Procedures for Document Distribution and Accessibility: Defined procedures are in place for distributing and ensuring accessibility of policy documents.


