Security Policy
The Isosceles Group complies with required Federal and international laws and regulations, as well as the Commonwealth of Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00). Isosceles has a Written Information Security Plan (WISP) describing the procedures it has in place to maximize the protection of its clients’ and subcontractors’ data and its employees’ personal information.
Isosceles employees are aware of and agree to comply with the confidentiality standards described in the Plan. Employees and contractors of Isosceles are also bound by non-disclosure agreements. Regular training is provided on the latest developments in computer security and potential new cyberattack threats.
Isosceles complies with generally accepted best practices for secure communications and prevention of cyberattacks, including, but not limited to, the following:
- All network devices and individual workstations are firewall protected and kept current with automatic updates and patches to avoid software vulnerabilities that can be exploited through outdated software.
- Regular reviews of anti-virus software are conducted to ensure that it is current with the most up-to-date and effective anti-ransomware and anti-malware features.
- Computer network hardware is in a locked location accessible only to the network administrator.
- A server backup is maintained and externally stored in a secure location on encrypted portable hard drives. Successful backup is verified daily by the network administrator.
- Granular permissions are in place to ensure that access to client and subcontractor information is restricted to specific users.
- Segregated client drives are in place for those that request it to add a further level of security.
- Personal information is only accessible to those who require it to conduct their work.
- Password requirements are in accordance with industry standards.
- Email is filtered and blocked to identify spam and potentially malicious email.
- Employees are trained on the importance of computer hygiene to avoid possible infection of the system through email attachments, web-browsing and downloads.
- Employees are trained on the importance of maintaining confidentiality and how to handle personal information if they come across it.
- IT access is immediately revoked for departing employees.
- All computers are equipped with a file shredder for permanent deletion of confidential electronic documents when required.
- Remote access to the Isosceles network drives is restricted through granular permissions and two-factor authentication. Isosceles uses a private SSL Certificate for enhanced online security.
In addition to the cyber security measures discussed above, Isosceles also maintains security protocols for physical documents that contain personal data and information. This includes storing such information under lock and key and securely destroying such information when no longer needed by Isosceles. Personal data and information is only accessible by those whose duties require access to it. Access to all personal data and information is immediately revoked when it is no longer needed by a particular person.
Last updated May 24, 2018