[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”grid” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern” background_color=”#f1f3f4″ padding_top=”29″ padding_bottom=”6″ css=”.vc_custom_1629072987568{padding-top: 30px !important;padding-bottom: 30px !important;background-color: #ffffff !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” z_index=””][vc_column][vc_column_text]<\/p>\n
Data and Information Security Policy ><\/span><\/span><\/p>\n [\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”grid” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern” background_color=”#f1f3f4″ padding_top=”29″ padding_bottom=”29″ css=”.vc_custom_1630945558037{padding-top: 80px !important;padding-bottom: 80px !important;background-image: url(http:\/\/pragmandt.com\/wp-content\/uploads\/2021\/08\/slider-2-1.jpg?id=15464) !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” z_index=””][vc_column][vc_single_image image=”15543″ img_size=”full” qode_css_animation=”” css=”.vc_custom_1629992358596{padding-bottom: 5px !important;padding-left: 2px !important;}”][vc_column_text]<\/p>\n [\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”grid” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern” z_index=”” css=”.vc_custom_1630954723404{padding-top: 70px !important;padding-bottom: 70px !important;}”][vc_column][vc_column_text]1. Introduction<\/span><\/strong><\/p>\n The Customers of PRAGMA may want to share very sensitive data and information (\u201cThe Data\u201d), from time to time.\u00a0 This data should be treated with a very high care, regardless of explicit mention of confidentiality.\u00a0 All PRAGMA employees must abide to this Policy, in direct relationship to their employment contract and confidentiality agreement.\u00a0 All PRAGMA collaborators (suppliers, subcontractors, consultants, etc.) that would eventually be in contact with the said Data must also abide to this Policy, in direct relationship to their involvement contract and confidentiality agreement.<\/span><\/p>\n This Policy is a strict code of conduct established by PRAGMA management (\u201cThe Management\u201d).\u00a0 A contravention to this code may be grounds for termination of employment or contract, without notice, and with possible legal action.<\/strong><\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]2. NDA<\/span><\/strong><\/p>\n Normally, most Customers will request to sign an NDA before exchanging information. Before receiving the Data, it\u2019s important to ask if there\u2019s a signed NDA between the Customer and PRAGMA. <\/span><\/p>\n Regardless of a signed NDA, PRAGMA email signatures commit to basic confidentiality of information.<\/span>[\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]3. Need-to-Know Basis<\/span><\/strong><\/p>\n Before a Customer is about to share the Data, it\u2019s important to ask if there\u2019s a \u201cneed to know\u201d in the first place.\u00a0 If possible, it\u2019s preferable to avoid to receive the Data.\u00a0 If possible, it\u2019s preferable to use alternate solutions.<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]4. Criticality of Disclosure<\/span><\/strong><\/p>\n If the Customer really needs to send the Data, then it\u2019s important to ask prior the degree of criticality.\u00a0 PRAGMA establishes the following degrees of criticality:<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]5. Workstation & Sharing<\/span><\/strong><\/p>\n All PRAGMA employees and collaborators must make sure that their computers, operating systems and installed applications are configured such that no breach of security can happen.\u00a0 Screen sharing and remote-control technologies (ex: Teams, Zoom, Skype, TeamViewer, etc.) are tolerated for productivity reasons, but employees should limit the visual disclosure of the Data according to the Degree of Criticality.<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]6. Portable Media<\/span><\/strong><\/p>\n Customer Data should not stay on portable media (ex: USB sticks, external SSD drives) for a long period of time.\u00a0 After the need for portability, the data should be stored adequately on the file server of the company, depending on the Degree of Criticality.<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]7. Cloud<\/span><\/strong><\/p>\n If the Degree of Criticality allows it, Customer Data can be archived on PRAGMA\u2019s cloud system (Microsoft Sharepoint, OneDrive, Teams).<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]8. Software Code<\/span><\/strong><\/p>\n The software developed by PRAGMA and the third-party libraries it uses must not contain security breaches such as backdoors, \u201cEaster Eggs\u201d, malware or any other means of diverting Customer Data to an undeclared, unauthorized target destination or media.\u00a0 PRAGMA software products that are meant to run on Windows PC must not take benefit of any known weaknesses of Windows\u2019 operating system to implement or allow the security breaches described above.\u00a0 PRAGMA software products running on embedded CPU must not record Customer Data inside the embedded memory (Flash, EEPROM, etc.).<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]9. Disclosure of Incidents<\/span><\/strong><\/p>\n If a human error caused a possible breach of security in contravention with this Policy, the Management of PRAGMA should be made aware.\u00a0 The latter will assess the possible breach and if confirmed, will inform the Customer of the incident and the actions that were taken.<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]10. Destruction of Data<\/span><\/strong><\/p>\n Whenever a Customer is requesting the destruction of the Data, the Administration must be informed.\u00a0 Within 5 days, the Management should confirm the scope of destruction and reconfirm the Customer desire.\u00a0 Within 2 days of a Customer reconfirmation, the Data must be completely deleted from all media (server, USB sticks, cloud, etc.).\u00a0 An email confirmation must be provided afterwards to the Customer, with conform copy to the Management.<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]11. Right for Audit<\/span><\/strong><\/p>\n The Customer can request an audit on the respect of this Policy to their Data, if the Customer bears the related costs.\u00a0 Such audit can include the review of documentation, emails, media content, hacking tests (aka. Intrusive Testing), and more.\u00a0 The scope of audit, the dates, the individuals, the modus operandi and the costs would have to be agreed beforehand, with adequate notice to PRAGMA.<\/span><\/p>\n [\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][vc_column_text]12. Policy Review<\/span><\/strong><\/p>\n This Policy must be reviewed every year, in January.<\/span>[\/vc_column_text][vc_separator type=”transparent” up=”15″ down=”0″][\/vc_column][\/vc_row][vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”grid” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern” css=”.vc_custom_1629074907549{padding-top: 60px !important;padding-bottom: 60px !important;background-color: #0a0a0a !important;}” z_index=””][vc_column width=”3\/4″ css=”.vc_custom_1629074789712{padding-right: 30px !important;}”][vc_column_text]<\/p>\nData and Information Security Policy<\/span><\/span><\/h1>\n
\n\n
\n Degree of Criticality<\/strong><\/span><\/td>\n Description<\/strong><\/span><\/td>\n<\/tr>\n \n RESTRICTED<\/span><\/td>\n Data can be shared with the email or link recipient, but shall not be propagated inside PRAGMA on file server or otherwise.<\/span><\/td>\n<\/tr>\n \n INTERNAL<\/span><\/td>\n Data can be shared internally at PRAGMA, on a need-to-know basis, under NDA and with precautions to use adequate sharing media.<\/span><\/td>\n<\/tr>\n \n LIMITED<\/span><\/td>\n Data can be shared internally at PRAGMA and with the relevant subcontractors and suppliers, on a need-to-know basis, under NDA and with precautions to use adequate sharing media.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n