ARKSOFT INC

Effective Date: Aug 7, 2024

Version: 1.0

1.0 Purpose

The purpose of this Information Security Policy is to establish a framework for protecting the information assets of ARKSOFT INC., its clients, and its users from security threats, whether internal or external, deliberate or accidental. This policy is designed to ensure the confidentiality, integrity, and availability of our data and systems.

2.0 Scope

This policy applies to all information, technology assets, and systems owned, operated, or managed by ARKSOFT INC. This includes all data created, processed, or stored by the company and applies to the founder and any future employees or contractors.

3.0 Policy Statements

3.1 Access Control

  • Principle of Least Privilege: Access to systems and data shall be limited to the minimum required to perform business functions.

  • Authentication: All access to critical systems will be authenticated via a unique user ID and a strong password.

  • Password Requirements: Passwords must be a minimum of 12 characters and include a mix of uppercase letters, lowercase letters, numbers, and symbols.

  • Multi-Factor Authentication (MFA): MFA is mandatory for access to all critical infrastructure, cloud services (e.g., AWS, Azure, Google Cloud), code repositories (e.g., GitHub), and email accounts.

3.2 Data Security

  • Data Encryption in Transit: All data transmitted over public networks must be encrypted using strong protocols, such as TLS 1.2 or higher.

  • Data Encryption at Rest: All sensitive customer and corporate data stored on servers, databases, and laptops must be encrypted using industry-standard algorithms (e.g., AES-256).

3.3 Vulnerability Management

  • Patch Management: All operating systems, applications, and software libraries must be kept up to date with the latest security patches. Updates shall be applied in a timely manner based on risk.

  • Vulnerability Scanning: Regular vulnerability scans will be performed on production assets to identify and remediate security weaknesses.

3.4 Software Development

Secure coding best practices (such as those outlined by the OWASP Top 10) will be followed during the development lifecycle to minimize security vulnerabilities in our applications.

3.5 Incident Response

In the event of a suspected security breach, a formal process of containment, investigation, and remediation will be initiated to minimize impact. If legally required, affected parties will be notified.

4.0 Roles and Responsibilities

The Founder of ARKSOFT INC. is responsible for implementing, maintaining, and enforcing this policy.

5.0 Policy Review

This policy will be reviewed at least annually or upon any significant changes to the company's technology environment or business operations.

Information Security Policy

WDVA Information
Certification Number
WDVAARKS23

