Information Security Policy

This Information Security Policy establishes the framework for managing information security related to Beawre's Software as a Service (SaaS) platform. The policy applies to all employees, contractors, and any individuals who interact with our SaaS platform, ensuring the confidentiality, integrity, and availability of data.

Our primary objectives are to protect our platform against unauthorized access, disclosure, alteration, and destruction, ensuring trust and reliability for our users.

• Management: Ensure the information security policy is aligned with business objectives and adequately resourced.

• IT Staff: Implement and maintain security measures, monitor compliance, and respond to security incidents.

• All Employees: Adhere to this policy, report security incidents (as per the separate Incident Management Policy), and complete mandatory security awareness training.

Bi-annual risk assessments will be conducted, focusing on the SaaS platform. These assessments will identify potential security threats and determine appropriate controls to mitigate risks.

• Data will be classified according to sensitivity and handled accordingly.

• Personal and sensitive data will be processed in compliance with GDPR and other relevant data protection laws.

• Data retention and disposal procedures will be strictly followed.

• Access to the SaaS platform will be based on the principle of least privilege.

• User accounts will be reviewed quarterly to ensure appropriate access rights are maintained.

• Multi-factor authentication will be mandatory for all platform access.

• Regular backups of data on the SaaS platform will be conducted and tested for integrity.

• Anti-malware measures will be implemented and updated regularly.

• Security patches for the platform will be applied promptly.

• Data in transit to and from the SaaS platform will be encrypted using industry-standard protocols.

• Network security controls will be in place to protect data and services.

• Security will be integrated into the software development lifecycle of the SaaS platform.

• Regular security testing, such as penetration testing, will be conducted.

• Regular reviews will be conducted to ensure that service providers meet our security requirements.

• Service level agreements and security capabilities of providers will be aligned with our security needs.

• Compliance with legal, regulatory, and contractual obligations will be regularly reviewed and audited.

• Regular training on compliance requirements will be provided to all relevant staff.

• Mandatory security awareness training for all employees upon hiring and annually thereafter.

• Specialized training for staff with critical roles in managing the SaaS platform.

This policy will be reviewed and updated annually or in response to significant changes in the threat landscape or business operations.