Information Security Policy
2516 AH Den Haag
Our Information Security Policy - Objective
ZangaBee wants to be that trustworthy partner that customers turn to for projects and services with the conviction that ZangaBee’s standards are at least as high as their own.
Young but the right DNA
As a young company, ZangaBee has yet to obtain ISO certifications, but the DNA of the company is already very much focussed on setting the right standards in areas such as:
- Non-Disclosure Agreement (NDA)
- Need to Know Basis and On/offboarding
- Credentials management
- Clean Desk
- Acceptable Use
- Data Breach Response
- Digital Signatures
These topics are detailed in the sections below.
- These policies apply to both our employees and the freelancers that work for ZangaBee.
- “ZangaBee management” below refers to either one of the Company Directors mentioned previously.
Non-Disclosure Agreement (NDA)
Customers might ask us to sign an NDA before they give access to their systems.
We will sign such NDAs centrally, so that ZangaBee is responsible for its employees.
Need to Know Basis and On/Offboarding
For our work, it’s very often essential that we have administrator rights to the systems of our customers. However, we should not have access longer than needed.
It’s the customer’s responsibility to ensure offboarding and revoking of access once projects/services have been completed. However, we do adhere to the following ZangaBee standards:
- We do not go into systems where there is no work to be done.
- We call out to ZangaBee management if we feel that a customer has accidentally given us too much/unnecessary access. ZangaBee management will then take this up with the customer.
Credentials Management
- LastPass is used as a vault for credentials and for securely sharing credentials.
- It’s recommended to use the secure password generator in LastPass to generate adequate and unique passwords.
- The usage of “Remember Password” features of applications (for example, web browsers) should be phased out.
- Users must use a separate, unique password for each of their work-related accounts. Users may not use any work-related passwords for their own, personal accounts.
- User accounts that have system-level privileges granted through group memberships or programs must have a unique password.
- In addition, it is highly recommended that some form of multi-factor authentication is used for any privileged accounts.
Clean Desk
- You are required to ensure that all sensitive/confidential information in hardcopy or electronic form is secure in your work area at the end of the day, and when you are expected to be gone for an extended period.
- Computer workstations must be locked when the workspace is unoccupied.
- Any Confidential or Sensitive information must be removed from the desk and locked in a drawer when the desk is unoccupied and at the end of the workday.
- Passwords may not be left on sticky notes posted on or under a computer, nor may they be left written down in an accessible location.
- Printouts containing Confidential or Sensitive information should be immediately removed from printers and copy machines.
- Whiteboards containing Confidential and/or Sensitive information should be erased.
Acceptable Use
You agree that you are responsible for complying with all applicable laws in all of your activities related to your work for ZangaBee.
ZangaBee has the right but not the obligation to monitor and remove communications content that we find in our sole discretion to be objectionable in any way.
In addition, you are prohibited from using ZangaBee’s tools and systems for communications or activities that:
(a) violate any law, statute, ordinance or regulation;
(b) promote hate, violence, racial intolerance, or the financial exploitation of a crime;
(c) defame, abuse, harass or threaten others;
(d) include any language or images that are bigoted, hateful, racially offensive, vulgar, obscene, indecent or discourteous;
(e) infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction;
(f) impose an unreasonable or disproportionately large load on our infrastructure;
(g) facilitate any viruses, trojan horses, worms or other computer programming routines that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or information;
(h) constitute use of any robot, spider, other automatic device, or manual process to monitor or copy information without our prior written permission;
(i) constitute use of any device, software or routine to bypass technology protecting ZangaBee’s tools and systems or attempt to interfere with them; or
(j) may cause us to lose any of the services from our internet service providers, payment processors, or other vendors.
We encourage you to notify us of any violations of this section or the Agreement generally by contacting us through one of the methods set forth in the contact us section above.
Data Breach Response
As soon as a theft, data breach or exposure containing ZangaBee Protected or Sensitive data is identified, the process of removing all access to that resource will begin.
As soon as a theft or data breach of ZangaBee’s customers’ Protected or Sensitive data is identified or deemed identified, ZangaBee management is to be informed immediately, and ZangaBee management will inform the customer(s).
One of the Company Directors will chair a multidisciplinary incident response team to handle the breach or exposure.
Work with forensic investigators and experts will be facilitated to determine how the breach or exposure occurred; the types of data involved; the number of internal/external individuals and/or organizations impacted; and to analyze the breach or exposure to determine the root cause.
ZangaBee will team with the Customer(s) to minimize the impact and to jointly determine the necessary repair activities.
Digital Signatures
A digital signature is an acceptable substitute for a wet signature on any intra-organization document or correspondence.
If you are asked to sign a document on behalf of ZangaBee (digital or otherwise), then you forward that request to ZangaBee management to verify the validity of the request.
ZangaBee uses PandaDoc for obtaining digital signatures, but the following platforms are also accepted:
- More will be added in future
Digital signatures must apply to individuals only. Digital signatures for roles, positions, or titles are not considered valid.