Infosec

Information Security at Advision Consulting

In today’s digital landscape, protecting sensitive information is paramount. At Advision Consulting, we prioritize Information Security (Infosec) to ensure the confidentiality, integrity, and availability of data for our clients and partners.

Our Commitment to Information Security

We have established a comprehensive Written Information Security Program (WISP) that outlines our policies and procedures to safeguard information effectively. Our WISP is designed to:

• Maintain Security and Confidentiality: Protecting information received, stored, transmitted, or used by Advision.
• Prevent Threats and Hazards: Implementing measures against anticipated security threats or data integrity breaches.
• Prevent Unauthorized Access: Safeguarding against unauthorized access that could lead to identity theft or fraud.

Key Components of Our Information Security Program

Our WISP encompasses several critical areas to ensure robust information security:

• Acceptable Use Policies: Defining appropriate use of organizational resources.
• Network and Cloud Security: Utilizing encryption, firewalls, anti-virus protection, and malware defenses.
• Computer and Mobile Device Security: Securing endpoints to prevent unauthorized access.
• Removable Media Security: Managing the use of USB drives and other external storage devices.
• Physical Security: Implementing measures like locks, clean desk policies, and controlled visitor access.
• Secure Software Development: Ensuring security is integrated into the software development lifecycle.
• Secure Information Transmission: Protecting data during transfer via mail, email, SFTP, etc.
• Secure Destruction of Sensitive Information: Properly disposing of data that is no longer needed.
• Security Incident Reporting: Establishing protocols for reporting and managing security incidents.

Supporting Policies and Procedures

In addition to our WISP, we maintain various policies to reinforce our information security framework:

• Incident Response Plan: Guidelines for addressing and managing security breaches promptly.
• Crisis Management Plan: Strategies to handle unforeseen events that could impact operations.
• Disaster Recovery and Business Continuity Plan: Ensuring the continuation of critical functions during and after a disaster.
• Global Privacy Policy: Commitment to protecting personal data in compliance with applicable laws.

Employee Training and Awareness

We believe that informed employees are the first line of defense against security threats. Our WISP Coordinators are responsible for implementing and annually updating the WISP, as well as conducting annual training sessions for all employees to ensure awareness and compliance with our information security policies.

Continuous Improvement

Information security is an evolving field. We regularly review and update our security measures to adapt to new threats and technological advancements, ensuring that our clients’ information remains protected.

At Advision Consulting, we are dedicated to maintaining the highest standards of information security to protect the interests of our clients and uphold the trust they place in us.