This document defines the data security policy of SoKap Community Networks Inc. ("SoKap") as it related to its website sokap.com. SoKap takes the privacy of our employees and the members of SoKap listed projects very seriously. To ensure that we are protecting our corporate and client data from security breaches, this policy must be followed and will be enforced to the fullest extent.
The goal of this policy is to inform employees and contractors at SoKap of the rules and procedures relating to data security compliance.
The data covered by this policy includes, but is not limited to, all electronic information found in e-mail, databases, applications and other media; paper information, such as hard copies of electronic data, employee files, internal memos, and so on.
This policy applies to all employees, management, contractors, vendors, business partners and any other parties who have access to company data.
SoKap deals with two main kinds of data:
SoKap's data is comprised of four (4) classifications of information:
Employees may send or communicate a public/unclassified piece of data with anyone inside or outside of the company.
All information not otherwise classified will be assumed to be Private.Employees may not disclose private data to anyone who is not a current employee of the company.
Employees may only share confidential data within the department or named distribution list.
Secret/restricted data cannot be disclosed by anyone other than the original author, owner or distributor.
It is the responsibility of everyone who works at SoKap to protect our data. Even unintentional abuse of classified data will be considered punishable in accordance with the extent and frequency of the abuse.
All employees are responsible for adhering to the policy and reporting any activities that do not comply with this policy.
Management is responsible for ensuring that their direct reports understand the scope and implications of this policy. Human Resources must also ensure that all employees have a signed copy of this policy in their file.
Security staff will be monitoring data for any unauthorized activity and are responsible for updating access requirements as needed.
Any employee who authors or generates corporate or client data must classify that data according to the criteria outlined above.
Ownership of this policy falls to the Chief Financial Officer ("CFO"). For any questions about this policy, or to report misuse of corporate or personal data, please contact the CFO at the telephone number or email address provided in the staff directory. The Chief Technology Officer ("CTO") will work in conjunction with the CFO to maintain data access privileges, which will be updated as required when an employee joins or leaves the company.
These are the accepted technologies SoKap uses to enforce and ensure data security:
Management is responsible for keeping this policy current. This policy will be reviewed annually or as circumstances arise.
Also annually, a full security audit will be performed by a Security Team selected by the CTO and CFO to ensure that the policy is properly aligned with company directives, third party security requirements and legislated security requirements.
Employees found to be in violation of this policy by either unintentionally or maliciously stealing, using or otherwise compromising corporate or personal data may be subject to disciplinary action up to and including termination.