Privacy Policy

Last updated: Sep 28, 2024

1. Introduction

RISE ELEGANCE INC (“the Company”) is committed to protecting the confidentiality, integrity, and availability of its information assets. This Information Security Policy outlines the Company’s approach to managing and securing information to ensure business continuity, minimize risk, and maximize return on investments and business opportunities.

2. Purpose

The purpose of this policy is to:

  • Safeguard the Company’s information assets against unauthorized access or modification.
  • Protect the privacy of employees, customers, and partners.
  • Ensure compliance with applicable laws, regulations, and contractual obligations.
  • Establish a framework for identifying and managing information security risks.

3. Scope

This policy applies to all employees, contractors, consultants, temporary staff, and other workers at RISE ELEGANCE INC, including all personnel affiliated with third parties. It covers all information assets owned, leased, or processed by the Company.

4. Roles and Responsibilities

4.1. Executive Management

  • Provide leadership and commitment to information security.
  • Ensure adequate resources are allocated for implementing this policy.

4.2. Information Security Officer (ISO)

  • Develop and maintain the Information Security Policy.
  • Oversee information security initiatives and compliance.

4.3. Department Managers

  • Ensure their teams comply with the policy.
  • Report security incidents promptly.

4.4. Employees and Contractors

  • Adhere to the Information Security Policy.
  • Report any suspected security incidents.

5. Information Security Principles

5.1. Confidentiality

Information must be accessible only to those authorized to have access.

5.2. Integrity

Safeguard the accuracy and completeness of information and processing methods.

5.3. Availability

Ensure that authorized users have access to information and associated assets when required.

6. Access Control

  • Access to information systems is granted on a need-to-know basis.
  • Unique user IDs and strong passwords are mandatory.
  • Multi-factor authentication (MFA) is required for access to sensitive systems.
  • Regular reviews of user access rights must be conducted.

7. Data Classification and Handling

Information assets must be classified into the following categories:

  • Public: Information intended for public dissemination.
  • Internal Use Only: Non-sensitive information for internal operations.
  • Confidential: Sensitive information requiring protection.
  • Restricted: Highly sensitive information with strict access controls.

Appropriate handling procedures must be followed based on the classification level.

8. Network Security

  • All network devices must be configured securely.
  • Firewalls and intrusion detection/prevention systems must be in place.
  • Regular vulnerability assessments and penetration tests must be conducted.
  • Remote access must be secured through VPN and MFA.

9. Physical Security

  • Secure areas must be protected by appropriate entry controls.
  • Servers and networking equipment must be housed in controlled environments.
  • Visitors must be escorted in sensitive areas.

10. Incident Response

  • All security incidents must be reported to the ISO immediately.
  • An incident response plan must be established and maintained.
  • Post-incident reviews must be conducted to improve future responses.

11. Compliance and Audit

  • Compliance with this policy is mandatory.
  • Regular audits will be conducted to ensure adherence.
  • Violations may result in disciplinary action, up to and including termination.

12. Training and Awareness

  • All personnel must receive information security training during onboarding and annually thereafter.
  • Specialized training must be provided for roles with specific security responsibilities.

13. Third-Party Security

  • Third parties with access to Company information must comply with this policy.
  • Security requirements must be included in all third-party contracts.

14. Data Privacy

  • Personal data must be processed in accordance with applicable data protection laws.
  • Privacy impact assessments must be conducted for systems handling personal data.

15. Business Continuity and Disaster Recovery

  • Business continuity plans must be developed and maintained.
  • Regular backups of critical data must be performed and tested.
  • Disaster recovery plans must be in place for critical systems.

16. Policy Review and Updates

  • This policy must be reviewed at least annually.
  • Updates may be made in response to changes in legislation, regulations, or the business environment.

Acknowledgment

All employees and contractors must sign an acknowledgment that they have read, understood, and agree to comply with the Information Security Policy.

Contact Us

If you have any questions about this Privacy Policy, you can contact us: