Information Security Program
Information Security Program
Section titled “Information Security Program”FrontRunnerHC is committed to protecting its employees, partners, clients and itself from damaging acts that are intentional or unintentional. Effective information security is a team effort involving the participation and support of every FrontrunnerHC user who interacts with data and systems. Therefore it is the responsibility of every user to know and understand this program and to conduct their activites accordingly.
Protecting company data and the systems that collect, process, and maintain this information is of critical importance. Consequently, the security of systems must include controls and safeguards to offset possible threats, as well as controls to ensure accountability, availability, integrity, and confidentiality of the data:
- Confidentiality - Confidentiality adddresses preserving restrictions on information access and disclosure so that access is restricted to only authorized users and services.
- Integrity - Integrity addresses the concern that sensitive data has not been modified or deleted in an unauthorized and undetected manner.
- Availability - Availability addresses ensuring timely and reliable access to, and use of information.
Security measures must be taken to guard against unauthorized access to, alteration, disclosure or destruction of data and systems. This also includes protection against accidental loss or destruction.
The policies below, including related procedures, are necessary to support the management of information risks in daily operations. The development of policies provides due care to ensure FrontRunnerHC users understand their day-to-day security responsibilities and the threats that could impact the company.
Implementing consistent security controls across the company will help FrontRunnerHC comply with current and future legal obligations to ensure long-term due diligence in protecting the confidentiality, integrity and availability of FrontRunnerHC data.
Information Security Policies
Section titled “Information Security Policies”The core component of any information security program is the set of policies that govern an organization’s program. These policies define “what should be done” within an orgization, based on regulatory, legal and contractual requirements.
Information Security Procedures
Section titled “Information Security Procedures”Procedures are used when specific aspects of a security policy or standard are required and detailed step-by-step instructions are best supplied. Thus, a Procedure tells “how something is done”.