This Information Security Policy outlines the principles, guidelines, and practices that Testfully (“the Company”) follows to ensure the security of sensitive customer data and other confidential information. As a startup operating in the API Client, Testing, Monitoring, and Documentation space, Testfully is committed to maintaining our systems and data’s confidentiality, integrity, and availability.
Purpose
This policy aims to establish a comprehensive framework for managing information security risks, ensuring compliance with relevant laws and regulations, and building a culture of security within the organization.
Scope
This policy applies to all employees, contractors, third-party vendors, and any individual who accesses Testfully’s systems, applications, or data.
Information Classification
Testfully recognizes the importance of classifying information based on its sensitivity. We categorise data into three primary classifications:
Confidential
Sensitive customer data, proprietary business information, and any data that, if disclosed, could result in financial, legal, or reputational harm to the Company.
Internal
Non-public information meant for internal use, such as project details, research, and non-customer-specific data.
Public
Information intended for public consumption and that does not pose risks if disclosed.
Security Controls
Access Control
Access to systems and data shall be granted based on the principle of least privilege. Role-based access controls ensure that only authorised personnel can access sensitive data.
Encryption
All transmitted and stored sensitive customer data are encrypted using industry-standard encryption protocols.
Authentication
Multi-factor authentication (MFA) is enforced for accessing critical systems and applications.
Network Security
Firewalls, intrusion detection and prevention systems, and other security measures are employed to safeguard our network infrastructure.
Software Development Security
Secure coding practices are followed to minimise vulnerabilities in our software products.
Data Retention and Disposal
Data are retained only as long as necessary and securely disposed of using approved methods.
Incident Response
Testfully maintain an incident response plan to address security incidents promptly and effectively. The plan will outline procedures for detecting, reporting, investigating, and mitigating security breaches.
Training and Awareness
All employees will undergo regular security awareness training to ensure they understand security risks and best practices. Training will cover topics such as phishing awareness, data handling, and incident reporting.
Compliance and Monitoring
Testfully comply with applicable laws, regulations, and industry standards related to information security. Regular security assessments, audits, and reviews are conducted to identify and address vulnerabilities.
Third-Party Security
Vendors and partners who handle Testfully’s data must adhere to security and privacy practices consistent with our policy.
Policy Review and Updates
This policy will be reviewed annually and updated to reflect technological changes, business operations, and security threats.
Compliance Reporting
Any suspected violations of this policy should be reported to the designated security officer. Non-compliance with security policies may result in disciplinary action.
By adhering to this Information Security Policy, Testfully aims to maintain the trust of its customers, protect sensitive data, and uphold a strong commitment to information security across all aspects of its operations.
Date of Last Revision: 2023/08/06
Authorised by: Matthew Valley
Position: Managing Director