Cordatus Data Security

Introduction

Cordatus Resource Group is committed to maintaining the confidentiality, integrity, and availability of all sensitive and confidential information. This Data Security page outlines the data security practices we follow to ensure the security and protection of data collected, processed, and stored by our company.

Scope

This policy applies to all employees, contractors, partners, and third parties who have access to our company’s data, systems, and information.

Data Classification

We classify data into different categories based on sensitivity and criticality:

Confidential Data: Data that requires the highest level of protection due to its sensitivity, such as personal information, financial data, intellectual property, and trade secrets.

Internal Data: Data that is not publicly available but is less sensitive than confidential data, including internal communications and non-sensitive business information.

Public Data: Data that can be shared publicly without any risk, such as general marketing materials and publicly available information through platforms such as the website.

Responsibilities

Management: Management is responsible for setting the overall data security strategy, ensuring compliance with relevant laws and regulations, and allocating resources for data security initiatives.

Employees: All employees are responsible for following data security practices, reporting security incidents, and participating in data security training.

Data Security Measures

Access Control: Access to data is granted based on the principle of least privilege. Users are granted access only to the data necessary for their roles and responsibilities.

Encryption: All data is encrypted at rest and in transit using industry-standard encryption methods.

Authentication and Authorization: Strong authentication mechanisms are implemented to ensure that only authorized individuals can access data. User access is regularly reviewed and updated.

Network Security: Firewalls, intrusion detection systems, and other security measures are implemented to protect our network infrastructure.

Regular Audits: Regular Information Security audits and assessments are conducted to identify vulnerabilities and weaknesses in our systems and processes.

Incident Response: An incident response plan is in place to promptly address and mitigate security breaches, including communication, containment, eradication, and recovery procedures.

Data Handling and Storage

Data Retention: Data is retained only for as long as required by law or business need. Outdated data is securely disposed of.

Third-Party Providers: When engaging third-party providers, we ensure that they meet our data security standards and adhere to applicable regulations.

Training and Awareness

Training: Employees receive regular data security training to ensure they are aware of best practices, know their responsibilities regarding data security, and know how to identify security threats.

Awareness: We promote a culture of data security awareness to ensure that all employees recognize their role in safeguarding company data.

Compliance & Certifications

Cordatus Resource Group is SOC II, Type 1 certified.  We are committed to complying with all relevant data protection and privacy laws and regulations applicable in our operating regions.

Policy Review

Our Data Security policies are subject to regular review and may be updated to reflect changes in technology, business practices, or legal requirements.

Contact Information

If you have any questions or concerns regarding this Data Security Policy, please contact admin@cordatusrg.com