Information Security Policy

1. Introduction

TMJP BPO Services, Inc. (hereinafter referred to as “the Company”) recognizes the critical importance of information security in safeguarding the confidentiality, integrity, and availability of information assets entrusted to us by our clients, partners, and employees. This Information Security Policy outlines the principles, guidelines, and responsibilities that govern the protection of information assets.

2. Scope

This policy extends to all employees, contractors, vendors, and other people who are given access to the Company’s information assets or are engaged in the gathering and use of sensitive information on the Company’s behalf. 

3. Information Security Objectives

The Information Security Policy of the Company strives to:

• Prevent illegal access, disclosure, modification, or destruction of information assets.
• Comply with all relevant information security and privacy laws, regulations, and contractual requirements.
• Protect the Company’s and its clients’ reputations and commercial interests.
• Throughout the contract, ensure the availability, integrity, and confidentiality of information assets. 

4. Information Classification and Handling

The Company shall classify information assets based on their sensitivity levels and assign appropriate protection measures. Employees must adhere to the information handling guidelines specified for each classification level.

5. Access Control

Access to information assets shall be granted on a need-to-know basis. The Company will implement strong access controls, including unique user identification, authentication mechanisms, and role-based access permissions. 

6. Data Encryption and Protection

The Company shall implement encryption mechanisms to protect sensitive information during transmission and storage. Sensitive data, such as client data and personal information, will be encrypted using industry-standard encryption algorithms.

7. Incident Response

The Company will establish an Incident Response Plan to promptly detect, assess, and respond to security incidents. Employees must report any suspected security incidents to the designated incident response team.

8. Business Continuity and Disaster Recovery

In the event of an interruption or disaster, the Company should have a thorough Business Continuity and Disaster Recovery Plan to guarantee the prompt restoration of important systems and data.

9. Physical Security

The Company shall implement physical security measures to safeguard information assets housed on our premises, including access controls, surveillance, and monitoring systems. 

10. Security Awareness and Training

Employees shall get frequent security awareness and training seminars from the company to increase their understanding of information security issues and best practices.

11. Vendor and Third-Party Security

The Company shall assess the security practices of third-party vendors and service providers with access to our information assets. Contracts with vendors shall include information security clauses and compliance requirements.

12. Compliance

The Company shall follow all applicable information security and data privacy laws, regulations, and industry standards.

13. Policy Review and Updates

This Information Security Policy shall be reviewed periodically to ensure its effectiveness and relevance. Updates will be communicated to all relevant stakeholders.

14. Reporting Security Concerns

Employees and stakeholders are encouraged to report any security concerns, incidents, or potential vulnerabilities to the Information Security team.

15. Non-Compliance

Noncompliance with this Information Security Policy and associated processes may result in disciplinary action, including termination of employment or contract. Any employee may submit changes to this policy, which will be reviewed and approved by the stakeholders.