- Overview
ShowsHappening is committed to maintaining the confidentiality, integrity, and availability of its information assets. This policy outlines the measures to be taken to ensure the security of ShowsHappening's operations and prevent unauthorized access, use, disclosure, or modification of its information assets.
- Scope
This policy applies to all employees who create, access, store, process, or transmit ShowsHappening's information assets.
- Operational Security Procedures
3.1 Access Control
Access to ShowsHappening's information assets will be restricted to authorized personnel based on the principle of least privilege. Access control mechanisms, such as passwords, two-factor authentication, and access control lists, will be used to ensure that only authorized personnel can access ShowsHappening's information assets.
3.2 Information Security Awareness
ShowsHappening will provide regular information security training to all employees to ensure that they understand the importance of security and their role in maintaining it.
3.3 Physical Security
ShowsHappening will ensure that its physical premises are secure and that access to them is restricted to authorized personnel. Security measures such as locks, alarms, and surveillance cameras will be used to protect ShowsHappening's physical assets.
3.4 Incident Management
ShowsHappening will establish an incident management process to ensure that any security incidents are identified, reported, and responded to promptly. This process will include procedures for incident detection, investigation, containment, and recovery.
3.5 Backup and Recovery
ShowsHappening will ensure that its information assets are backed up regularly and that backup copies are stored securely. A recovery plan will be developed and tested regularly to ensure that ShowsHappening can recover its information assets in the event of a disaster.
- Compliance
ShowsHappening is committed to complying with all relevant regulations, laws, and standards. This policy will be reviewed and updated periodically to ensure that it complies with any changes in regulations or industry standards.
- Policy Enforcement
Failure to comply with this policy may result in disciplinary action, up to and including termination of employment. Any suspected violations of this policy should be reported to the employee's manager or the Chief Information Officer (CIO).
- Policy Review
This policy will be reviewed annually to ensure that it is still relevant and effective. Any changes to this policy must be approved by the CIO or their delegate.