Your security and privacy are our priority. Teiva Systems is committed to protecting the confidentiality, integrity, and security of any information we collect from you across our website, https://www.teivasystems.com/, and any other platforms we own and operate.
This Framework information security policy (ISP) is a set of guidelines and procedures for protecting Teiva Systems UAB’s (also hereinafter referred to as the “Organization”) information assets from unauthorized access, use, disclosure, disruption, modification, or destruction.
The ISP outlines the roles and responsibilities of personnel as well as the basic technical and organizational measures that should be implemented to safeguard the organization’s information.
This ISP also stipulates the basis of the incident management mechanisms.
This ISP defines the roles and responsibilities of personnel in relation to information security. This includes management, IT staff, end-users, and other stakeholders.
The Teiva management team (CEO and CTO) is responsible for establishing, maintaining, and enforcing the ISP.
Teiva employees and contractors are responsible for implementing and following the technical measures outlined in the ISP.
Other employees and individual contractors are responsible for complying with the ISP and reporting any security incidents.
Roles and responsibilities are clearly communicated to the personnel involved in the respective project during the pre-employment and/or induction process.
In order to prevent unauthorised processing, copying and transfer of sensitive data of both the organization and its end-users.
Access to all confidential data of both the Organization and its counterparts shall be restricted and must follow the rule of least possible privileges. Access privileges can be granted to Teiva employees and its counterparts based on project specifics and/or a motivated access request. Users should not have privileges to install unauthorized software or to deactivate software applications critically important for project specifics (e.g. firewall, antivirus, intrusion detection systems, etc.).
The ISP establishes basic technical measures to be implemented to protect the organization’s information assets.
These measures include:
passwords,
two-factor authentication,
role-based access controls,
encryption of sensitive data,
network security measures (such as firewalls and intrusion detection systems, as well as other respective measures as determined by the organization’s CEO),
regular software and system updates to prevent vulnerabilities,
access control (only the staff directly on duty for a particular project shall have access to the data related to that project),
data access control and processing records,
a specific password policy that covers at least password length, complexity, validity period, and the number of acceptable unsuccessful login attempts,
other technical measures as determined by the CEO and the CTO of Teiva Systems UAB.
Teiva complies with the sanctions in force in the EU and the USA and implements them in its current operational activities.
The basic organizational measures to support the technical stability and effectiveness of the organization include:
regular employee training and awareness programs,
incident response plans,
disaster recovery plans,
regular security audits and assessments,
clear procedures for reporting security incidents and for investigating and responding to them,
monitoring and registration of access to IT systems,
internal IT and IT security governance and management.
Incident response refers to the process of identifying, investigating, containing, and mitigating the effects of a security incident or breach.
The goal of incident response is to minimize damage, preserve evidence, and restore normal operations as quickly and effectively as possible.
An incident can include any unexpected or unauthorized activity that impacts confidentiality, integrity, or availability of information or systems. Common examples include network intrusions, malware infections, data breaches, and physical security breaches.
The incident response process typically includes the following stages:
Preparation: This involves defining the incident response plan, establishing roles and responsibilities, identifying key stakeholders, and preparing tools and resources.
Identification: This involves detecting potential security incidents through monitoring and alerting systems, user reports, and other sources.
Containment: This involves isolating the affected systems or data to prevent further damage, and gathering evidence to help identify the root cause of the incident.
Investigation: This involves analyzing the evidence and determining the scope and nature of the incident, including any data or systems that may have been compromised.
Remediation: This involves removing any malicious software, repairing or replacing affected systems, and restoring normal operations.
Lessons Learned: This involves reviewing the incident response process and identifying areas for improvement, including updating policies, procedures, and training materials.
Effective incident response requires a well-defined plan, clear communication channels, and a skilled team with the necessary expertise and resources to respond quickly and effectively to security incidents.
The CEO (Director) of the Company is its security officer ex officio, unless otherwise decided by the CEO of the Company.
The ISP is applicable to the Company’s subcontractors if it is legally implied by the agreement between the Company and the respective subcontractor.
Staff compliance with the ISP should be audited regularly.
Upon termination of the legal relations between the and contractors, all the rights and responsibilities in the sphere of data access and processing shall be revoked.
The ISP may be detailed or updated upon request of the Company’s customer, provided that Teiva is actually able to ensure implementation of the respective technical measures.
The ISP is reviewed and, if necessary, supplemented on an annual basis.