Our Data Security Policy

Effective Date: 30.01.2024

1. Purpose

The purpose of this Data Security Policy is to establish guidelines and procedures to ensure the confidentiality, integrity, and availability of data at MULTI-ME LTD. This policy applies to all employees, contractors, and third-party service providers who have access to company data.

2. Scope

This policy covers all data processed, stored, and transmitted by MULTI-ME LTD, including but not limited to data related to digital person-centered planning, care management products (Multi Me and RIX Wiki), customer information, and any other sensitive information.

3. Data Classification

Data at MULTI-ME LTD is classified into three categories based on sensitivity:

  • Public Data: Information that can be shared openly with the public.

  • Internal Data: Information intended for internal use within the company.

  • Confidential Data: Sensitive information that requires the highest level of protection, including customer data, financial information, and intellectual property.

4. Responsibilities

  • All employees are responsible for adhering to this data security policy.

  • Data stewards will be appointed for each data category to oversee the implementation and enforcement of data security measures.

5. Access Control

  • Access to data will be restricted based on job roles and responsibilities.

  • Employees will only have access to the data necessary for their specific job functions.

  • Access to confidential data will be granted on a need-to-know basis.

6. Data Encryption

  • All sensitive data in transit will be encrypted using industry-standard encryption algorithms.

  • Data at rest, especially confidential data, will be stored in encrypted form.

7. Data Handling

  • Employees must ensure that confidential data is not left unattended and is stored securely.

  • Data should only be transmitted through secure channels.

  • Data sharing with third parties will require appropriate contractual agreements and compliance with relevant data protection laws.

8. Data Backup and Recovery

  • Regular backups of critical data will be performed and tested to ensure data integrity.

  • Procedures for data recovery in the event of a security incident or data loss will be established.

9. Incident Response

  • An incident response plan will be in place to address security incidents promptly.

  • Employees are required to report any suspected security incidents to the designated security officer.

10. Training and Awareness

  • All employees will undergo regular training on data security best practices.

  • Awareness programs will be conducted to keep employees informed about the latest security threats and preventive measures.

11. Compliance

  • MULTI-ME LTD will comply with all relevant data protection laws and regulations.

  • Regular audits and assessments will be conducted to ensure compliance with this policy.

12. Review and Update

  • This policy will be reviewed periodically and updated as necessary to address changes in technology, business processes, or regulatory requirements.

13. Enforcement

  • Violations of this data security policy may result in disciplinary action, including termination of employment and legal consequences.

By adhering to this Data Security Policy, MULTI-ME LTD aims to maintain the confidentiality, integrity, and availability of its data assets and protect the interests of its customers and stakeholders.