Information Policy
Introduction
RISC's Information Security Policy outlines the principles and guidelines for safeguarding personal data in compliance with the General Data Protection Regulation (GDPR). RISC recognizes the importance of protecting the privacy rights of individuals and is committed to ensuring that personal data is processed lawfully, fairly, and transparently.

Scope
This policy applies to all personal data processed by RISC, whether collected from associates, employees, end-users or other individuals, regardless of format or location.

Information Security Objectives
- Ensure the confidentiality, integrity, and availability of personal data by implementing appropriate technical and organizational measures;
- Comply with the principles of data protection outlined in the GDPR, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality;
- Respect the rights of data subjects, including the right to access, rectification, erasure, restriction of processing, data portability, and objection;
- Obtain valid consent for the processing of personal data when required, and provide individuals with clear and easily accessible information about how their data will be used;
- Implement measures to detect, report, and investigate data breaches in a timely manner, and notify the relevant supervisory authority and affected individuals as required by the GDPR.

Protection of Personal Data
- Personal data shall only be processed for specified, explicit, and legitimate purposes, and shall not be further processed in a manner that is incompatible with those purposes;
- Access to personal data shall be restricted to authorized personnel who require access to perform their job duties, and appropriate access controls shall be implemented to prevent unauthorized disclosure or misuse;
- Personal data shall be kept accurate and up-to-date, and measures shall be taken to rectify or erase inaccurate or outdated data without delay;
- Personal data shall be stored securely, using encryption and other appropriate measures to protect against unauthorized access, disclosure, alteration, or destruction;
- Personal data shall not be transferred to third countries or international organizations unless adequate safeguards are in place to ensure an equivalent level of data protection as required by the GDPR;
- Data subjects shall be provided with transparent information about the processing of their personal data, including the legal basis for processing, the purposes of processing, and their rights under the GDPR.

Policy Review
This Information Security Policy shall be reviewed annually and updated as necessary to address changes in technology, business processes, and regulatory requirements. Any amendments to this policy shall be communicated to all relevant stakeholders, and employees shall receive periodic training to ensure compliance.

Compliance and Enforcement
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract. All employees are responsible for reporting any suspected violations of this policy to their supervisor or the designated information security officer.

Conclusion
Protecting the confidentiality, integrity, and availability of information assets is essential to the success and reputation of RISC. By adhering to the principles and guidelines outlined in this policy, we demonstrate our commitment to maintaining the highest standards of information security.
Date of Last Review: June 2024