Last Updated: 23/02/2024
At MALAUK Digital and Marketing Agency, we are committed to ensuring the security and protection of our clients’ and users’ information. This Security Policy outlines the measures we take to safeguard data and mitigate security risks across our operations.
1. Information Security
We implement robust measures to protect sensitive information from unauthorised access, disclosure, alteration, or destruction. These measures include:
- Access Controls: Limiting access to confidential information to authorised personnel only through role-based access controls (RBAC) and multi-factor authentication (MFA) where applicable.
- Encryption: Using encryption protocols to secure data both in transit and at rest.
- Secure Development Practices: Following secure coding standards and conducting regular code reviews to prevent vulnerabilities in our software and applications.
- Regular Audits and Assessments: Conducting security audits and assessments to identify and address potential security risks.
- Incident Response Plan: Maintaining an incident response plan to effectively respond to and mitigate security incidents or breaches.
- Employee Training: Providing security awareness training to employees to educate them about security best practices and their role in maintaining a secure environment.
2. Data Protection
We adhere to data protection laws and regulations to ensure the privacy and confidentiality of personal and sensitive information. Our data protection practices include:
- Data Minimisation: Collecting and storing only the minimum amount of information necessary to fulfil business purposes.
- Data Access Controls: Implementing access controls to limit access to personal and sensitive data to authorised personnel.
- Data Retention: Establishing data retention policies to ensure that data is retained only for as long as necessary and securely disposed of when no longer needed.
- Data Transfer: Ensuring secure transfer of data through encrypted channels and adherence to data protection laws when transferring data across borders.
3. Physical Security
We maintain physical security measures to protect our facilities and equipment from unauthorised access, theft, or damage. These measures include:
- Access Controls: Implementing access controls such as key card systems or biometric scanners to restrict access to our facilities.
- Surveillance: Installing security cameras to monitor our premises and deter unauthorised access.
- Facility Maintenance: Regularly inspecting and maintaining our facilities to address potential security vulnerabilities.
4. Vendor Security
We assess the security practices of our vendors and partners to ensure that they meet our security standards and adhere to applicable laws and regulations.
- Vendor Risk Management: Conducting due diligence assessments of vendors before engaging their services and monitoring their security practices on an ongoing basis.
- Contractual Obligations: Including security requirements and obligations in vendor contracts to ensure that vendors adhere to our security standards and protect our data.
5. Compliance
We comply with applicable laws, regulations, and industry standards related to information security and data protection.
- Regular Compliance Reviews: Conducting regular reviews to ensure compliance with applicable laws, regulations, and industry standards.
- Privacy Policy: Maintaining a transparent privacy policy that outlines our data practices and informs users about their rights regarding their personal information.
6. Incident Response
In the event of a security incident or breach, we have procedures in place to respond promptly and effectively to mitigate the impact and prevent recurrence. Our incident response plan includes:
- Incident Identification: Promptly identifying and assessing security incidents or breaches.
- Containment: Taking immediate action to contain the incident and prevent further unauthorised access or damage.
- Investigation: Conducting a thorough investigation to determine the cause and extent of the incident.
- Notification: Notifying affected parties, regulatory authorities, and other relevant stakeholders as required by applicable laws and regulations.
- Remediation: Taking appropriate measures to remediate vulnerabilities and prevent similar incidents in the future.
7. Employee Responsibilities
All employees are responsible for maintaining the security of our systems and data. Employees are expected to:
- Follow security policies and procedures.
- Report any security incidents or concerns promptly.
- Participate in security training and awareness programmes.
8. Policy Review and Updates
This Security Policy is reviewed and updated regularly to ensure its effectiveness and relevance. Updates to the policy will be communicated to employees and stakeholders as appropriate.
9. Contact Us
If you have any questions or concerns about this Security Policy or our security practices, please contact us at info@malauk.com.
Thank you for entrusting MALAUK Digital and Marketing Agency with your information. We are committed to protecting your data and maintaining the highest standards of security.