Last Updated: 14/04/2024
At Bizotic Finance, we prioritize the security and proper handling of institutional data. Our data storage policy is designed to ensure that all data is managed according to its sensitivity, specific requirements, and industry best practices. We use data classification to guide decisions about storage and retention, ensuring that unnecessary or outdated data is removed from operational locations.
Key Guidelines:
- Data Classification: We classify data based on its sensitivity and importance. This helps us make informed decisions about where and how to store it.
- Protected Storage: Data classified as "Protected Confidential" is stored only in approved locations and on approved equipment. Employees are prohibited from creating duplicate copies or shadow files of authoritative data resources.
- Backups and Off-site Storage: All data stored on our IT resources is regularly backed up according to classification standards. Backups of confidential data are taken off-site or securely stored off-site, and any backup media containing confidential data is encrypted.
- Data Retention: Data Stewards and Managers ensure that required data is always accessible. Procedures are in place to retain data as backup media ages, supported media changes, and security controls are updated.
- Data Disposal: We continuously review the necessity of retaining operational and archived data. Data no longer needed for routine operations is securely destroyed in a timely manner, following state record retention policies.
Additional Guidelines:
- Paper-based data should be securely stored to prevent unauthorized access and disposed of through shredding when no longer needed.
- Electronically stored data must be protected against unauthorized access and cyber threats, with periodic password changes and secure storage of removable media.
- Data should only be stored on designated drives and servers, with servers containing personal data located in secure environments.
- Regular backups and testing are conducted according to company procedures, with all servers and computers equipped with approved security software and firewalls.
By adhering to these guidelines, we ensure the integrity, confidentiality, and security of our institutional data at Bizotic Finance.