The Visualware Information Security and Privacy Policy defines what is expected of employees, including all personnel affiliated with third parties authorized to work for or with the Company when receiving, transmitting, or using information, regardless of the information source and ownership. All information and forms of information, including but not limited to paper, digital, audio, and image/video, are covered under this policy.
Public
Public information assets are defined as data that is freely available for access by any person, regardless of whether the person works for the organization or is an individual providing the information. For example, public websites, publicity campaigns, and media information published for public consumption, such as a press release, etc.
Internal Use
Internal use data assets are defined as information that is released to the Company or by the Company in the course of conducting its business. Such information is to be used only for internal purposes and must not be provided to any person(s) not directly employed by the Company. For example, this may include support data provided for a technical support ticket, email exchanges, shared online meeting information, or internal Company information provided to employees for the purpose of conducting business.
Confidential
Confidential information assets are defined as information that is provided to the Company or by the Company in the course of conducting its business, where the audience is intentionally limited because of confidentiality concerns. Essentially, this is information that is provided on a need-to-know basis. For example, information from a private desktop computer or financial information presented in a meeting for only those attending. This includes information provided under the expectation of an NDA.
Restricted/Highly Sensitive
Information assets provided to a select Company audience and shared strictly under the terms of 'professional trust' must not be given to any persons outside of that audience unless authorized in writing by the information owner. If the person providing this sensitive information is not the information owner, then the information should be declined. For example, security credentials to access a private computer or application, cyber encryption keys, strategic business information that would be valuable to a competitor, internal Company financials, or sensitive employment or personnel information.
Email Information Assets
Email services will routinely, directly or indirectly, contain information that originates from outside the Company. All company computer devices, including mobile devices, submitted to Sysadmin for network access approval will be required to have local data encryption enabled by default. No computer device will be approved for access to any Company network subnet without local data encryption being enabled.
Digital Information Asset Retention
With the exception of email, all digital information asset retention periods submitted will inherit the following maximum retention periods unless otherwise approved in writing.
Non-Digital Information Assets
Any information assets provided as documents must be converted and stored in digital form. If documents are also required to be retained in their original form, they must be clearly marked with the information grade and the acceptance date before the documents are submitted to line management for secure filing. Otherwise, all non-digital information assets must be marked as 'not retained [dated]' and returned to the information owner.
Information Asset Auditing
Digital information assets will be reviewed weekly by System Administration. If information assets are found to be incorrectly graded, including the retention period, an 'information' violation IR will be escalated to the line manager for review.
All information assets marked to expire that are still required for the intended purpose, for which the information was provided, such as an open support ticket, must have a retention extension approval confirmed in writing before the retention deadline. All information assets that exceed the allocated retention period will be deleted without further notice.
CCPA/GDPR Compliance
Visualware solutions and website assets are fully compliant with CCPA/GDPR requirements for protecting personal data.
The CCPA defines personal information as "information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household."
The GDPR defines personal data as "any information relating to an identified or identifiable natural person (data subject), directly or indirectly, in particular by reference to an identifier."
Please review the information security document.
This entire website is Copyright © 1997-2024 Visualware, Inc. All Rights Reserved. No portion of this website may be reproduced without prior written permission from Visualware. All Visualware products and product license keys are Copyright © 1997-2024 Visualware, Inc. All Rights Reserved. You may not run cracked versions of our software. If you do, you are breaking the law and will be reported.
MyConnection Server, MySpeed, and NetQCheck are registered trademarks of Visualware, Inc. Other product names and brand names are trademarks of their respective holders.