Defines the appropriate use of Sophus systems, tools, equipment, and data to safeguard critical information.

Ensures that access to Sophus assets is managed based on business and security requirements.

Provides a framework to maintain operational continuity and facilitate recovery in case of disruptions.

Establishes guidelines for implementing IT operational changes securely, efficiently, and with minimal risk.

Defines expected professional conduct to promote a respectful and collaborative workplace.

Defines the procedures for securely backing up critical data and implementing recovery strategies to ensure data availability and integrity.

Outlines a structured approach for classifying data based on sensitivity and defining retention periods to comply with legal, regulatory, and business requirements.

Establishes encryption requirements for data at rest and in transit to enhance security and compliance.

Defines processes for promptly detecting, reporting, assessing, and resolving security incidents to minimize impact and ensure timely remediation.

Establishes guidelines for protecting Sophus information assets, ensuring confidentiality, integrity, and availability of data.

Ensures secure disposal of electronic and physical media to prevent unauthorized data exposure and potential breaches.

Establishes standards for password creation, management, and protection to enhance security and prevent unauthorized access.

Outlines measures to safeguard physical infrastructure, facilities, and workspace security to prevent unauthorized access.

Defines a structured approach for identifying, assessing, and managing risks that could impact Sophus business objectives and security posture.

Establishes guidelines for evaluating, onboarding, and managing vendor relationships to ensure data security and compliance with regulatory requirements.

Defines protocols for identifying, assessing, and mitigating security vulnerabilities through a structured patch management process.

Defines security measures applicable throughout the employment lifecycle, from hiring to termination, to mitigate insider threats and ensure compliance.

Specifies protocols for timely identification, containment, reporting, and notification of data breaches to minimize risk and ensure compliance with regulatory requirements.

Establishes procedures for maintaining organizational resilience and ensuring continued operations during prolonged service disruptions.

Outlines protocols for classifying, tracking, protecting, and managing Sophus assets throughout their lifecycle to prevent unauthorized access or loss.

Ensures adherence to statutory, regulatory, and contractual compliance requirements, including security and privacy obligations.

Defines security requirements and best practices for secure software development, acquisition, and maintenance to integrate security throughout the software lifecycle.

ISO 27001 certification issued by an independent third-party auditor to demonstrate compliance with information security best practices.

In Progress

Provides insights into security vulnerabilities identified during periodic assessments and recommended remediation steps.

Documents the findings of penetration testing exercises and recommended mitigation measures.

Refer to the attached network architecture document for an overview of network design, security controls, and segmentation.

Documents the high-level system design, data flow, and security measures incorporated into Sophus products to ensure security and compliance.

Refer to the Privacy Policy available online for details on how Sophus manages and protects user data.