Information Security Policy

Baltserviss is committed to maintaining the security, confidentiality, and integrity of our customers' and employees' personal and sensitive information. This Information Security Policy outlines our policies and procedures to protect information assets from unauthorized access, use, disclosure, destruction or modification.

Scope

This policy applies to all employees, contractors, consultants, vendors, and other authorized users who have access to Baltserviss's information assets, including but not limited to:

• Electronic information and communications systems
• Physical documents and records
• Mobile devices, laptops, and other computing devices
• Networks and information systems
• Cloud services and third-party applications

Security Controls

Baltserviss implements the following security controls to safeguard our information assets:

• Access controls: We use access controls such as passwords, two-factor authentication, and least privilege to limit access to information assets to only authorized users.
• Data protection: We use encryption, backups, and disaster recovery plans to protect data in transit and at rest.
• Security awareness: We provide security awareness training to employees and contractors to educate them on information security best practices.
• Incident response: We have an incident response plan in place to detect, respond, and recover from security incidents.
• Vendor management: We perform due diligence and monitor third-party vendors' security practices to ensure the security of our information assets.

Compliance

Baltserviss complies with all applicable laws, regulations, and industry standards related to information security, including but not limited to:

• The General Data Protection Regulation (GDPR)
• The California Consumer Privacy Act (CCPA)
• The Health Insurance Portability and Accountability Act (HIPAA)
• The Payment Card Industry Data Security Standard (PCI DSS)

Enforcement

All employees, contractors, consultants, vendors, and other authorized users are expected to comply with this Information Security Policy. Failure to comply with this policy may result in disciplinary action, up to and including termination of employment or contract.

Contact Us

If you have any questions about this Information Security Policy, please contact us at info@baltserviss.com.