Interject Security Policy
Interject provides software, consulting, and online services. The management of Interject is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout their organization to maintain legal, regulatory and contractual compliance and to safeguard business integrity and commercial reputation. To achieve this, Interject has implemented an information security policy (ISP) that is subject to routine systematic review and improvement. The ISP demonstrates Interject’s commitment to information security by:
- Budgeting for security management.
- Implementing appropriate security technology and high-availability, recoverable systems.
- Routinely evaluating and improving procedures related to security.
- Adopting and enforcing requisite policies and ensuring that employees are kept aware of the ISP and their responsibilities towards it via communication and training.
- Striving to maintain compliance with all applicable legal and industry requirements.
Interject leverages this ISP to support business objectives within their information systems and processes. The related policies and practices are implemented, communicated, and reviewed on a regular basis and reflect the executive management team’s commitment to information security. In the event of a breach of this policy, or any of its supporting policies, all information relating to the breach will be promptly reported and escalated to Interject management, including Interject’s Security and Privacy Officers as appropriate. Policies and practices are in place to govern the protection of each company’s information assets and any information assets of our customers (and others) that have been entrusted to Interject.
Information Security Policy
Interject employs staff whose responsibility includes the protection of information. In addition, it is the responsibility of all employees to be aware of information security issues within their daily work. To promote awareness, employees of Interject are provided with training on topics such as the company’s security policies, their responsibilities to protect the confidentiality of information entrusted to them, the appropriate use of resources, the extra care required for the protection of mobile devices, and other related topics.
Interject enters into confidentiality or non-disclosure agreements with their vendors, contractors, employees and clients to contractually safeguard personal and other confidential information belonging to Interject or in our custody.
Interject employees are exposed to confidential customer information and sometimes non-public private information about our customers’ employees, and it is critical that we exercise appropriate best practices to ensure that no members of our staff represent a risk to this information. Criminal background checks will be administered on all new hires to ensure confidentiality, and appropriate records of these checks will be maintained. Existing employees may, from time to time, be subject to additional or enhanced background checks as may be required to fulfill contractual requirements or changing industry standards.
Audits and Assessments
Regular risk assessments are performed internally to help Interject identify any potential risks to their information assets and to help prioritize efforts to mitigate those risks. Periodically, Interject may also engage external firms to perform more in-depth evaluations of their security controls. In addition to external reviews, internal tests are conducted on a regular basis to ensure compliance and verify control effectiveness.
All sites hosting information belonging to Interject (or information that is managed by Interject on the behalf of others) are secured. Such facilities are protected by physical security barriers and entry controls designed to prevent unauthorized access, damage, and interference. Environmental controls and uninterrupted power supplies are all in place, as are security cameras to monitor the facilities and all entrances to them.
Access to information, information processing facilities, and business processes is controlled on the basis of business and security requirements. Access control rules take into account the basic principle of “need-to-know” and the sensitivity of corporate and personal information. Layers of security controls limit access to information. These include controls at the network, application, operating system, and database levels. Passwords are used in conjunction with each of these layers; they are subject to defined password construction rules and must be changed at regular intervals. Password administration and management are controlled processes that generate automated audit records.
Data Communication Security
Technologies such as SSL (TLS) and IPsec are used to encrypt data when in transit over public networks. The use of such technologies is dependent upon the level of sensitivity of the information, both corporate and personal.
Computer Security Measures
Various security technologies are deployed within the infrastructures and include firewalls, anti-virus, antispyware, encryption, and intrusion detection systems and processes. In addition, remote work is provided through a secure remote desktop session or use of cloud applications to help ensure no data is stored on laptops or home computers. Security data is logged where applicable and regularly reviewed to identify policy violations and security incidents. Incidents are investigated to determine severity, root cause, and follow-up actions required. Measures to be taken to prevent re-occurrence are also identified and implemented as needed.
Disaster Prevention and Recovery
Adequate back-up procedures and testing exist to ensure that all essential information and software can be recovered following a disaster or media failure. Backup information is stored at a remote secure location, at a sufficient distance to escape any damage from a disaster at the primary site. Backup media is protected against unauthorized access, misuse or corruption during transportation beyond the data center boundaries. Combinations of preventive and recovery controls are implemented to help protect from harm due to loss of data or processing capabilities. These controls are designed based on an assessment of risk and are meant to keep the harmful effects of any outages to a minimum. The processes making up these control measures are tested on a regular basis.
updated March 2020