INFORMATION SECURITY POLICY
The nature of the VIRDEE LLC business requires the exchange of information both internally and externally with customers, partners, and other business stakeholders. To maintain the continuity of our business, it is important to take the measures to protect information assets from internal and external, intentional, or accidental threats to confidentiality, integrity, and availability of information.
VIRDEE information security objectives
- Focus on Virdee key resources – “people first” (asset management)
- Identify and minimize threats that can harm Virdee business (risk management)
- Maintain a secure working environment: Physical, SW &HW
- “Information by need” – well defined internal and external access control
- Meet and maintain regulatory compliance
- Improve – define and act corrective measures process (A LEARNING ORGANIZATION)
- Maintain Business Continuity
Principles of Information Security Policy
- Ensure the confidentiality of information and protect it from unauthorized access and misuse.
- Maintain the integrity of information to ensure its lasting accuracy and applicability.
- Make information and information systems available to stakeholders in accordance with business needs.
- Build relationships and maintain communication with business stakeholders with an understanding of their own context and the needs and expectations of stakeholders.
- Regularly carry out the identification, analysis, and assessment of information security risks in the planned periods.
- Decisions and actions based on the results of the regular information security risk assessment.
- Ensure information security awareness, education, and training for employees.
- Apply information security measures to ensure compliance with legal, regulatory, and contractual requirements, as well as other information security requirements that we have undertaken to comply with.
- Ensure appropriate controls and continuous improvement by measurable goals and monitoring the performance of the system and applied information security measures.
- Reporting information security threats in a timely manner to the ISO management of the company.
- Investigate and analyze security incidents and take appropriate actions to address the causes of threats and reduce risks.
- Develop, maintain, and test recovery plans from the consequences of security incidents and business continuity.
In order to meet these obligations and ensure the appropriate level of controls necessary to demonstrate compliance with the adopted processes, our policy is to maintain a functional and effective information security management system that is established, maintained, and improved in accordance with the requirements of the international standard ISO/IEC 27001:2013.
The CO-CEO of VIRDEE LLC is responsible for communicating the Information Security Policy to all the personnel working for or on behalf of VIRDEE LLC and making it available to relevant interested parties.
Nadav Cornberg, Co-CEO
Austin, July 20th, 2022