Security Policy
Devoteam Cloud Managed Services Information Security Policy
Policy Owner: CISO Cloud Managed Services
Approved by: Management Board
Release: version 1.1
Valid from: 2024-09-02
Applicability / Disclosure: Public disclosure (published on the INSIGHT web page)
Purpose
The purpose of this policy is to direct the design, implementation, and management of an effective Information Security Program that ensures that the information assets of Devoteam Cloud Managed Services (hereafter "the Company") are appropriately identified, recorded, and always afforded suitable protection. This document sets forth certain principles regarding the responsible use of information by Devoteam Cloud Managed Services and outlines the roles and responsibilities of personnel to protect the confidentiality, integrity, and availability of Company resources and data, including, but not limited to, the following:
Ensure that operation of and access to Company Information Systems are conducted in a manner that protects Company Information from unauthorized disclosure or access.
Provide executive direction and support within the Company for the management of information security in accordance with business requirements, relevant laws, and regulations.
Provide, alongside the Information Security Risk Management Standard and the Privacy and Data Protection Policy, the high-level direction and justification for Devoteam Cloud Managed Services’s risk-based information security controls.
Goals and corresponding Objectives
Compliance
Maintain adherence to all relevant legal, regulatory, and contractual obligations.
Goal:
Conduct annual internal compliance audits to verify adherence to ISO 27001.
Address any non-compliance issues within 90 days of identification.
Security Awareness and Training
Improve information security knowledge and practices among employees.
Goal:
Ensure 100% of employees complete security awareness training annually.
Conduct regular phishing simulations, aiming to reduce the click-through rate by 50%.
Business Continuity and Disaster Recovery
Enhance resilience to ensure minimal disruption in case of incidents.
Goal:
Test disaster recovery procedures annually and update them as needed based on test results.
Maintain resilience against disruptions through effective business continuity and disaster recovery plans.
Improve Access Control
Restrict access to sensitive data and systems to only authorized personnel.
Goal:
Implement multi-factor authentication (MFA) across all critical systems within six months and conduct quarterly access reviews.
Achieve 100% adherence to role-based access control policies by implementing automated access management tools.
Improve Incident Response Times
Reduce the time taken to detect, respond to, and resolve security incidents.
Goal:
Detect and resolve 90% of incidents within a specified SLA (e.g., within 24 hours).
Minimize Risk Exposure
Identify, assess, and mitigate key security risks within the organization.
Goal:
Conduct annual risk assessments, with risk treatment plans implemented within 60 days of discovery.
Conduct annual risk assessments to keep risk evaluations current.
Scope
This policy covers Devoteam Cloud Managed Services’s information and information systems, including information and information systems used, managed, or operated by a contractor or other vendors. It applies to all Company employees, contractors, and other users of the Company’s information and information systems for cloud-based solutions, cloud services, and cloud migration and operation solutions.
COMMITMENT
Devoteam Cloud Managed Services’s management commits to a continual improvement of the information security management system to satisfy applicable requirements related to information security.
COMPLIANCE
Compliance with the controls in this policy will be monitored by the Information Security team and reported to Devoteam Cloud Managed Services’s Management team.
POLICY STATEMENT
Confidentiality – information will be accessible only to authorized individuals.
Integrity – the accuracy and completeness of information will be maintained.
Availability – information will be accessible to authorized users and processes when required.
Devoteam Cloud Managed Services has implemented an Information Security Management System based on the ISO/IEC 27001:2022 International Standard for Information Security.
We have implemented technical and organizational security measures to protect your information against being accidentally or illegally deleted, published, lost, or degraded, getting into the hands of unauthorized people, being misused, or being illegally handled in any other way.
Devoteam Cloud Managed Services has implemented technology, management processes, and policies aimed at maintaining data accuracy. In accordance with applicable laws, the Company provides individuals with reasonable access to personal information that they provided to the Company and the ability to review and correct the data or ask for anonymization, blockage, or deletion, as applicable. To protect your privacy and security, we take steps to verify your identity before granting access to your data. In case of any questions or concerns related to your personal data, please contact our Data Protection: devoteam.cms.privacy@devoteam.com.
Definitions
For the purposes of this Security Policy:
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to UAB Devoteam Lithuania, Konstitucijos pr. 18B, B korpusas, LT-09308 Vilnius, an affiliate of Devoteam SAS, a company organised and existing under the laws of France having its registered office at 73 rue Anatole, 92300 Levallois Perret, France.
Country refers to: Lithuania or France, where applicable.
Website (or INSIGHT) refers to the Cloud Management Portal, accessible from https://insight.devoteam.com. The term 'Service' was specifically removed so as not to confuse it with other Devoteam Managed or Professional Services.
You (or User of Website or User) refers to the individual accessing or using the Website, or the company, or other legal entity on behalf of which such individual is accessing or using the Website, as applicable.
Last updated