To meet the enterprise business objectives and ensure continuity of its operations, CCE Technologies Inc. (hereinafter “CCET”) shall adopt and follow well-defined and time-tested plans and procedures to ensure that sensitive information is classified correctly and handled as per organizational policies. Information is considered a primary asset of an organization. An organization uses different types of information assets. The sensitivity of these information assets may vary, and their handling mechanisms differ accordingly.
CCET is in the business of providing a cloud-based productivity application or Software-as-a-Service (SaaS) offering that incorporates a repository of confidential information belonging to users of the application/service. The purpose of this policy is to ensure confidential information gathered as part of CCET’s conduct of business is protected from unauthorized use and disclosure. This policy helps to facilitate the identification of information to support routine disclosure and active dissemination of information. It also helps to protect the intellectual property of CCET.
This policy applies to all managers, employees, contractors, and third-party employees who have access to IT assets of CCET and may be bound by contractual agreements.
This policy applies to all information assets of CCET, and particularly to the information collection, storage, and handling related to the Clariti application.
The policy documentation shall consist of the Information Classification and Handling Policy and related procedures and guidelines.
The Information Classification and Handling Policy document and all other referenced documents shall be controlled. Version control shall preserve the latest release and the previous version of any document. However, the previous version of the documents shall be retained only for a period of two years for legal and knowledge preservation purposes.
Records generated as part of the Information Classification and Handling Policy shall be retained for a period of two years. Records shall be in hard copy or electronic media. The records shall be owned by the respective system administrators and shall be audited once a year.
The Information Classification and Handling Policy document shall be made available to all the employees covered in the scope. All the changes and new releases of this document shall be made available to the persons concerned. The maintenance responsibility of this document shall be with the Chief Information Security Officer (CISO) and website (www.clariti.app) administrator.
The Information Classification and Handling Policy document shall be considered as “Confidential” and shall be made available to the concerned persons with proper access control. Subsequent changes and versions of this document shall be controlled.
The CISO/designated personnel is responsible for proper implementation of the Information Classification and Handling Policy.
CCET uses four classifications for data: public, internal-only, confidential, and restricted.
Public data: This type of data is freely accessible to the public (i.e. all employees/company personnel). It can be freely used, reused, and redistributed without repercussions. An example might be first and last names, job descriptions, or press releases.
Internal-only data: This type of data is strictly accessible to internal company personnel or internal employees who are granted access. This might include internal-only memos or other communications, business plans, etc.
Confidential data: Access to confidential data requires specific authorization and/or clearance. Types of confidential data might include source code for software, performance data, subscription data, customer data submitted for debugging, data gathered for error identification, etc.
Restricted data: Restricted data includes data that, if compromised or accessed without authorization, could lead to criminal charges and massive legal fines or cause irreparable damage to the company. Among restricted data, customer and client authentication credentials are the most sensitive with potential to cause significant harm to the product and the company. Additional examples of restricted data include client, customer and other proprietary information stored in Clariti app databases that are protected by state and federal regulations.
Following are the policies for secure handling of information assets of CCET:
Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR policies in effect in CCET.
| Version Number | Reason for Revision | Created by | Effective Date |
|---|---|---|---|
| 1.0 | Creation | K. Rajan | Oct 21, 2020 |
| 1.1 | Designation of Jayaraj R as CISO | K. Rajan | Jan 4, 2021 |