IT Security
Security foremost is one of our top priorities, which is why we have created an IT security management program aimed at reducing the risk of loss and improper use of critical MAZAJ information. It is a set of rules and practices covering control, employee education, incident reporting and periodic reviews.
They cover the area of:
Data and asset protection
Establish a proper classification and controls for information, data and asset categories. Adopt the access controls to enable access based on the need-to-know approach.
Physical and Environmental security
Put infrastructure resources in access-controlled areas, except those intended for public use. Adopt risk-based controls that may contain blocking or guarding some areas.
Asset management
Registers and inventory of assets. Establish an acceptable use policy for each asset or group of assets. Check it back regularly to stay up to date.
Security standards for employees
Follow security and use standards for employees and their workstations, mobile devices, connection to the internal network, and confidentiality protection.
Access control
Set up a policy for applications and systems to manage risks related to user account management, access enforcement and monitoring, division of duties, and remote access.
Security incidents
Respond to incidents like a potential security breach of data or information technology assets owned or managed by MAZAJ or our clients.
Operation security
Maintain operating procedures available to the specific users, such as authentication and authorization, backup, handling security incidents, and configuration of apps.
Compliance
MAZAJ’s security standards and policy are regularly verified through a bunch of assessment frameworks, activities and internal audits, depending on the needs.
Network security
Design and operate networks to restrict access to the MAZAJ network and be resilient in the face of external threats like intrusion or disruptions.