top of page

Data Privacy Policy

VB implements physical and logical access controls across its networks, IT systems and services to provide authorized, and appropriate user access, and to ensure appropriate preservation of data confidentiality, integrity and availability in accordance with the Information Security Policy requirement of the client. Access control systems are in place to protect the interests of all authorized users of V B Associates by providing a safe, secure and accessible environment in which to work.

 

This Policy Covers Network, IT Systems, Data & Authorized Users

 

VB will provide all employees, with on-site access to the information they need to carry out their responsibilities in an effective and efficient manner as possible.

 

Generic or group IDs shall not normally be permitted as means of access to VB data.

 

Authorization for the user is provided explicitly, Post completion & documentation by the Proprietor, and then the access credentials are created for the respective user. The Administrator and the support team guard against issuing privilege rights to entire team to prevent potential losses of confidentiality and / or integrity (such as may happen via Ransom ware attacks, which typically are able to encrypt user data after silently installing on a machine over which the user has admin privileges

 

Maintaining Data Security Level

 

Every user should understand the sensitivity of their data and treat them accordingly. Even if technical security mechanisms fail, every user should still attempt to maintain the security of data commensurate to their sensitivity. The Information Classification enables users to classify data appropriately and gives guidance on how to store it, irrespective of security mechanisms.

Users are consequently responsible for any such situations for ensuring that appropriate access to the data are maintained in accordance with the Information Security Policy and any other contractual obligations they may have to meet.

 

Access Control Authorization

 

Access to VB systems is given through unique user account and password with the required complexity

 

No Access to the third party is given with authentication, and the third party is escorted by the process staff/supervisor

 

By default, staff access/accounts will be deactivated post resignation and complete documentation of the access is recorded as per the Exit Process.​

 

Passwords 

 

Password issuing, strength requirements, and control will be managed through formal processes which are controlled by administrator, Password length, complexity and expiration times will be controlled through Windows Active Directory & Password Policy. Password Policy is further elaborated under Sensitive information handling Policy

 

Access to Confidential, Restricted and Internal Use information Access

 

‘Confidential’, ‘Restricted’ and ‘Internal Use’ information will be limited to authorized persons such as supervisors and back-end whose job or study responsibilities require it, as determined by law, contractual agreement or the Information Security Policy. The responsibility to implement access restrictions lies with the data and systems owners. Role-based access control will be used as the method to secure access

There are no restrictions on the access to ‘Public’ information.

 

Information Security Program

 

Program Objectives 

The objectives of this Information Security Program (“Program”) are as follows:

• Ensure the security and confidentiality of customer information. 

• Protect against any anticipated threats or hazards to the security and/or integrity of the customer information.

• Protect against unauthorized access to or use of the customer information that could result in substantial harm or inconvenience to any customer. 

The Proprietor of VB is the coordinator or the owner of the Program

bottom of page