Information Security Policy

Introduction

At MAV Reality, we recognize the importance of maintaining the confidentiality, integrity, and availability of our information assets. This policy outlines the requirements and responsibilities for protecting the confidentiality, integrity, and availability of MAV Reality's information assets.

Scope

This policy applies to all employees, contractors, consultants, and other third-party entities that have access to MAV Reality's information assets.

Information Classification

MAV Reality's information assets are classified into three categories:

Confidential: Information that is sensitive, proprietary, or subject to legal or regulatory requirements for protection.
Internal Use Only: Information that is intended for internal use only and should not be disclosed to external parties without proper authorization.
Public: Information that is intended for public disclosure.

Access Controls

Access to MAV Reality's information assets will be granted only to authorised individuals based on the principle of least privilege. Access controls will be implemented using a combination of physical, technical, and administrative controls.

Information Handling

All employees and third-party entities must handle MAV Reality's information assets with care and respect. This includes:

Protecting confidential and internal use only information from unauthorised access or disclosure.

Ensuring that public information is accurate and not misleading.
Using information only for legitimate business purposes.
Properly disposing of information that is no longer needed.

Information Security Incident Management

MAV Reality has established an incident management process to respond to information security incidents in a timely and effective manner. All employees and third-party entities must report any suspected or actual security incidents to the IT department immediately.

Compliance

MAV Reality is committed to complying with all applicable laws, regulations, and industry standards related to information security. This includes but is not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Payment Card Industry Data Security Standard (PCI DSS).

Policy Review

This policy will be reviewed annually to ensure its continued relevance and effectiveness. Any necessary updates or changes will be made in consultation with the IT department and other relevant stakeholders.

By following this Information Security Policy, MAV Reality can protect its information assets from unauthorised access, disclosure, or destruction, and maintain the trust of its customers, partners, and stakeholders.

Updated on: 09/06/2023