Information Security Policy
Purpose
To establish the framework for information security at Build.
Security Objectives
- Confidentiality: Protect sensitive information from unauthorized access
- Integrity: Ensure accuracy and completeness of information
- Availability: Ensure authorized access when needed
Security Controls
Administrative Controls
- Security policies and procedures
- Security awareness training
- Background checks
- Access reviews
Technical Controls
- Encryption
- Access controls
- Monitoring and logging
- Vulnerability management
Physical Controls
- Secure facilities
- Environmental controls
- Asset management
Compliance
- SOC 2 Type II certification
- GDPR compliance
- Industry best practices
Responsibilities
- All employees: Follow security policies
- Security team: Implement and maintain controls
- Leadership: Provide resources and support