Security policy

1. Purpose:
The purpose of this Security Policy is to protect Tiny Home Central’s assets, including information assets, physical assets, and employees, from all threats, whether internal or external, deliberate or accidental.

2. Scope:
This policy applies to all employees, contractors, and third-party service providers of Tiny Home Central, covering all physical and digital assets owned or used by the company.

3. Responsibility:

  • Management: Ensures the implementation of this security policy and allocates resources for its maintenance.
  • Employees: Are responsible for adhering to the policy in their day-to-day operations.
  • IT Department: Manages and safeguards all information systems and data.
  • Security Officer: Oversees the implementation of physical security measures.

4. Data Security:

  • Data Classification: All company data must be classified according to its sensitivity and criticality to business operations.
  • Access Control: Access to information shall be restricted to authorized individuals based on their role and on a need-to-know basis.
  • Data Encryption: Sensitive data must be encrypted both when stored and when transmitted.

5. Physical Security:

  • Facility Access: Access to Tiny Home Central facilities is controlled and monitored. Employees must display company ID badges, and visitors must be signed in and escorted.
  • Surveillance: Surveillance cameras are installed in strategic locations to monitor and record activities for security purposes.
  • Secure Areas: Critical areas, such as server rooms and document storage rooms, are secured with additional access control measures.

6. Cybersecurity:

  • Firewalls and Antivirus: Firewalls and antivirus software are installed on all network devices to protect against unauthorized access and malware.
  • Software Updates: Regular updates and patches are applied to all software to protect against security vulnerabilities.
  • Incident Response: A predefined incident response plan is in place to address any security breaches or incidents promptly.

7. Employee Training:

  • Security Awareness: All employees undergo regular security awareness training to understand potential security threats and how to prevent them.
  • Specific Training: Employees with specific security responsibilities receive additional training relevant to their role.

8. Third-Party Security:

  • Vendor Management: All third-party vendors are evaluated for their security practices before engagement, and contracts include security requirements.
  • Data Sharing: Sharing of company data with third parties must be approved and governed by a formal agreement that includes confidentiality and security clauses.

9. Policy Review and Updates:

  • This policy will be reviewed annually, or following significant changes to the business or technology environment, to ensure its effectiveness and relevance.

10. Compliance and Enforcement:

  • Violations of this policy will result in disciplinary action, which may include termination of employment, legal action, and financial liability.