INKTEO LLC
10611 Harwin Dr. #406, Houston, TX 77036
Phone: 832-271-4479 | Email: [email protected]

1. Purpose

The purpose of this Information Security Policy is to establish guidelines for protecting INKTEO LLC’s information assets, ensuring confidentiality, integrity, and availability of data, and complying with legal and regulatory requirements.

2. Scope

This policy applies to all employees, contractors, vendors, and any other parties who access or manage INKTEO LLC’s information systems, physical locations, or data.

3. Policy Statement

3.1 Information Classification

• Information is classified as Confidential, Internal, or Public.
• Confidential information includes customer data, financial information, trade secrets, and other sensitive business data.
• Access to information is restricted based on job roles and responsibilities.

3.2 Access Control

• Access to systems and data is granted on a need-to-know basis.
• All users must use unique IDs and strong passwords.
• Multi-factor authentication is mandatory for accessing critical systems.

3.3 Data Protection

• Encryption is required for sensitive data in transit and at rest.
• Backups of critical data must be performed regularly and stored securely.
• Personal devices used for work must comply with INKTEO’s security standards.

3.4 Network Security

• Firewalls, intrusion detection systems, and antivirus solutions must be in place and updated regularly.
• Wi-Fi networks must use strong encryption (e.g., WPA3) and require unique passwords.
• Remote access must occur through a secure VPN.

3.5 Physical Security

• Access to office premises is controlled through key cards or biometric systems.
• Sensitive documents and media must be stored in locked, secure locations.
• Unauthorized personnel are not allowed in restricted areas.

3.6 Incident Response

• All security incidents must be reported to the Information Security Officer (ISO) immediately.
• A documented incident response plan will be followed to mitigate risks, investigate, and resolve incidents.
• Post-incident reviews will identify lessons learned and prevent recurrence.

3.7 Employee Awareness and Training

• All employees must undergo annual information security training.
• Regular phishing and security awareness campaigns will be conducted.
• Employees must sign confidentiality agreements and acknowledge understanding of security policies.

3.8 Third-Party Management

• Vendors and contractors must adhere to INKTEO LLC’s security requirements.
• Data-sharing agreements must outline security expectations and compliance requirements.
• Regular audits will ensure third-party compliance with INKTEO’s policies.

3.9 Compliance

• This policy complies with applicable laws, including but not limited to GDPR, HIPAA, and CCPA.
• Regular reviews will ensure ongoing compliance with evolving legal and regulatory requirements.

4. Roles and Responsibilities

• Information Security Officer (ISO): Oversees the implementation and maintenance of the security policy.
• Employees: Adhere to security policies and report any potential breaches.
• IT Department: Ensures technical controls are implemented and updated.

5. Monitoring and Review

• This policy will be reviewed annually or after any significant changes in technology, threats, or regulations.
• Regular audits and vulnerability assessments will ensure adherence to the policy.

6. Policy Violations

• Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.
• Legal action may be pursued for intentional breaches or negligence.

Approval:
Name: Kevin Atlig
Title: Manager
Date: 01.11.2024

For questions or concerns regarding this policy, please contact the Information Security Officer at [email protected] or 832-271-4479.