Purpose and Scope
This policy outlines AESC’s approach to information security management and applies to all personnel, contractors, and third-party vendors handling AESC’s information assets.
Roles and Responsibilities
All employees, contractors, and third parties are responsible for maintaining information security. Specific roles include:
- Management: Responsible for policy oversight and for ensuring that resources are available for security management.
- Security Team: Responsible for implementing, monitoring, and enforcing security policies and for responding to incidents.
- Employees and Contractors: Responsible for adhering to security policies, participating in security training, and reporting incidents promptly.
Security Measures
- Access Controls: Limiting information access strictly to authorized personnel based on role and need.
- Data Encryption: Securing data both in transit (via HTTPS) and at rest using industry-standard encryption protocols.
- Monitoring and Auditing: Continuous monitoring of system activity to detect unauthorized access and security threats promptly.
- Incident Response: Defined procedures for identifying, responding to, and recovering from security incidents.
- Employee Training: Ongoing security awareness training for all staff to ensure understanding and compliance with security best practices.
- Vendor Management: Rigorous evaluation and regular review of third-party vendors to confirm adherence to our information security standards.
Policy Compliance
Compliance with this policy is mandatory. Regular audits and assessments will be conducted to ensure compliance. Non-compliance may result in disciplinary action or contractual penalties.
Review and Updates
This policy will be reviewed annually and updated as needed to reflect changes in regulatory requirements, security threats, and industry best practices.
For any security concerns or questions, please reach out to our dedicated security team at security@aesc.org.