Information Security Plan
Objective:
Our objective in developing and implementing this written information security plan is to create effective administrative, technical and physical safeguards to protect our customers' non-public information. The Plan will evaluate our electronic and physical methods of accessing, collecting, storing, using, transmitting, protecting, and disposing of our customers' non-public personal information.
Purpose:
Ensure the security and confidentiality of our customers' information
Protect against any anticipated threats or hazards to the security or integrity of our customers' information
Protect against unauthorized transactions or access to or use of customer information that could result in substantial harm or inconvenience to any of our customers
Plan:
Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information.
Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information.
Evaluate the sufficiency of existing policies, procedures, customer information systems, and other safeguards in place to control risk.
Steps:
A) Appoint a specific person or persons within the firm to be responsible for:
Initial implementation of the plan
Training of employees
Regular testing of the controls and safeguards established by the plan
Evaluating the ability of prospective service providers to maintain appropriate information security practices, ensuring that such providers are required to comply with this information security plan, and monitoring such providers for compliance.
B) Conduct an annual training session for all owners, managers, employees, and independent contractors, and periodic training for new employees
C) Determine reasonably foreseeable internal threats that could result in unauthorized