Information Security Policy
Breakout Learning Inc
Purpose
Breakout Learning Inc’s Information Security Policy establishes a general approach to information security to prevent information misuse, compromise, or loss. The policy documents security processes and measures, upholds ethical standards, meets regulatory, legal, and contractual obligations, controls business risk, and ensures that the company’s image and reputation are protected.
Scope
This policy applies to:
- Information in all forms, regardless of the media on which it is stored.
- All Breakout Learning Inc employees, temporary staff, partners, contractors, vendors, suppliers, and any other entity that accesses the company’s networks.
- Documents, messages, and other communications created or communicated via the company systems.
- Information resources entrusted to the company by any external entity.
Background
This policy is the overarching document within Breakout Learning Inc’s Information Security Program (ISP). The series of security policies within this program includes:
- Acceptable Use Policy
- Asset Management Policy
- Backup Policy
- Business Continuity/Disaster Recovery Plans
- Code of Conduct
- Data Classification, Retention, and Protection Policies
- Encryption and Password Policies
- Incident Response Plan
- Physical Security Policy
- Responsible Disclosure Policy
- Risk Assessment Policy
- Software Development Life Cycle Policy
- System Access Management Policy
- Vendor Management Policy
- Vulnerability Management Policy
Information Security Objectives
Breakout Learning Inc is committed to maintaining the Confidentiality, Integrity, and Availability of its information assets:
- Confidentiality: Data is protected from unauthorized access.
- Integrity: Data remains intact, accurate, and complete.
- Availability: Systems are accessible when needed.
Roles and Responsibilities
The Chief Information Security Officer (CISO) is responsible for:
- The design, maintenance, and enforcement of this policy and other ISP policies.
- Ensuring that the ISP aligns with ISO/IEC 27001:2022.
- Reporting on the performance of the information security program to executive management.
Board of Directors Meetings
The Board of Directors meets quarterly. Formal meeting minutes are documented and retained for compliance and regulatory purposes.
Policy
Background Check Process
All employees must undergo background checks as part of their hiring process. This process is conducted before employment begins and ensures that the integrity and security of Breakout Learning Inc’s operations are protected.
Training
- Employees, contractors, and third-party users must complete security awareness training during onboarding and annually.
- Different methods of security awareness training are employed, including online modules.
- Phishing simulations will be conducted as part of security awareness training to improve employee awareness of social engineering risks.
Clean Work Area
- Sensitive materials (both hardcopy and electronic) must be secured and locked when not in use.
- Workstations must be locked or powered down at the end of each day.
Internet/Intranet Access and Use
- Internet access and use are privileges. Misuse, including engaging in personal business, sending spam, or violating company policies or laws, may result in revocation of access and disciplinary action.
Mobile Endpoint and Storage Devices
- Mobile devices and storage media that connect to the company network must adhere to security standards outlined in the Acceptable Use and Asset Management Policies.
- Employees are required to report any incidents or theft of mobile devices to the responsible party immediately.
Teleworking
- When working remotely, authorized users must maintain secure connections and use up-to-date antivirus software, complying with all security requirements for remote access.
Employment Terms and Conditions
- All employees must sign confidentiality agreements before accessing sensitive information. Responsibilities for safeguarding information extend beyond the period of employment.
Enforcement
Breakout Learning Inc retains the right to monitor compliance with this policy. Violations of the policy may result in disciplinary action, including termination, and will be handled according to company HR standards.
Revision History
| Version | Date | Editor | Approver | Description of Changes |
| --- | --- | --- | --- | --- |
| 1.1 | 2024/10/01 | Nikita Rogatnev | Joshua Oster-Morris | Standardized role titles across all relevant policies, replacing previous variations |
| 1.0 | 2024/01/01 | Joshua Oster-Morris | Jake Shepherd | Initial version |