03 9070 9031
Info@Isetinstitute.com

Data Security Protection Policy

Scope
This policy applies to all data and information activities that occur within ISET Institute and the data security activities that must be performed to protect data and information.

Responsibility
The IT Department of ISET Institute is responsible for managing, upgrading and maintaining the elements and components of the company’s computing environment including, but not limited to, all hardware, systems, data, databases, associated peripheral devices, and primary and secondary software applications.
The IT Department is also responsible for maintaining and updating this policy with the approval of the CEO.

Objectives
The objective of this policy is to ensure the security and protection of data, databases and other data resources used by the company. This includes establishing and maintaining the confidentiality, integrity and availability of data needed by ISET Institute to conduct its business.

Strategy and focus
ISET Institute’s primary strategy for IT data security is to ensure that its data resources are secure, have appropriate access controls, have procedures to identify and prevent unauthorized access to ISET Institute data and databases, whether locally accessed or stored in managed services such as cloud storage, and are aligned with the principles stated in the standards ISO/IEC 27001, ISO/IEC 27002, NIST SP 800-53, FISMA and HIPAA. The strategy also ensures that GDPR guidelines are met.

This policy addresses all IT data security activities at ISET Institute including data files, databases and all electronic data elements within the IT computing environment.

Policy
The confidentiality, integrity and availability of all company data, databases and other information resources are to be managed by a formal information data security program. This program will provide a controlled and orderly method by which access to ISET Institute data is requested and granted, security of data is monitored and analysed, violations of data security are addressed and mitigated and changes to data security systems and procedures are requested, tested, approved and communicated for audit and recordkeeping purposes.

The following are required data security processes:

  • The IT department will define data security processes and procedures; secure and use specialized software and systems to reduce the threat of data security breaches; regularly test the security of the company’s perimeters using penetration tests and other forensic methods; and document all data security procedures and controls.
  • The IT department will periodically conduct a risk assessment of the internal and external threats and vulnerabilities of ISET Institute’s data security environment.
  • Data security policies and associated activities will comply with legislative, regulatory and contractual requirements.
  • The IT department will provide data security education, training and awareness programs.
  • The IT department will enable disaster recovery capabilities in its data security controls.
  • The IT department will define the consequences of violating the data security policy.
  • The IT department will define how data security incidents are reported and managed.
  • Data in use at ISET Institute, whether at rest or in motion, must be encrypted.
  • ISET Institute employees must sign the employee contract agreeing to accept and comply with data security policies at the time they are hired and on a regular basis (e.g., annually) through the employee handbook and/or in contract renewals to account for policy changes over time.
  • All proposed changes to data security are to be documented in detail.

Additional policies
Additional policies that are part of ISET Institute’s overall data security policy may include, at management’s discretion, the following:

  • Data classification — Describes specific classifications of data, the levels of control at each level and the responsibilities of all potential users.
  • Acceptable use — Describes the organizational permissions for the use of IT and information-related resources.
  • End-user computing — Describes the parameters and use of desktop, mobile computing and other tools by ISET Institute employees.
  • Access control — Describes the method for defining and granting access to data resources to employees.

Applicability of other policies

  • This document is part of ISET Institute’s suite of IT policies. Other policies may apply to the topics covered in this document, and as such, the applicable policies should be reviewed as needed.

Data protection principles

If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2:

  1. Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
  2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it. Our Company collects your data so that we can:
     • Process your order and manage your account.
     • Email you with special offers on other products and services we think you might like.
     • [Add how else your company uses data] If you agree, Our Company will share your data with companies so that they may offer you their products and services.
     • When Our Company processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.
  3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
  4. Accuracy — You must keep personal data accurate and up to date.
  5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose. Once this time period has expired, we will delete your data by [enter how you delete users’ data].
  6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Data protection rights

Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data from Our Company. We may charge you a small fee for this service.
  • The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request that Our Company complete any information you believe is incomplete.
  • The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:

Enforcement
This policy will be enforced by the IT department in partnership with the HR department.

Management and audit review
IT management will review and update IT policies on a quarterly basis and may launch a change management initiative to change the policy(ies). All ISET Institute IT policies will be available for review during scheduled IT audits.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact the ISET Team on 03 9070 9031 or by email at info@isetinstitute.com.