Information Security Policy Statement
The scope of Eummena's Information Security Policy Statement policy targets the protection of the confidentiality, integrity and availability of information. The policy applies to all data, hardware, information, and privacy identification information (PII) and other classes of protected information in any form (physical, electronic, oral etc.) that belongs to or controlled by Eummena.
It is the policy of Eummena that information, in all its forms written, spoken, recorded electronically, or printed, shall be protected from accidental or intentional unauthorized use, modification, destruction or disclosure throughout its life cycle by unauthorized or authorized personnel without proper and necessary clearances. This protection includes an appropriate level of security over the data, information, equipment, and software used to process, store, and transmit appropriate information.
Eummena is responsible for operating IT facilities that maximize physical and electronic security, provide reasoned protections for IT systems from natural or other disasters, and minimize cyber security risks for Eummena data and systems.
Eummena is also responsible for provisioning an evolving set of information technology infrastructure and services that meet the common, evolving needs of all facilities and entities. This may include contracting for services via cloud and off-site services providers that offer desirable and secure common services of value to the Eummena personnel and its clients.
All entities and staff of Eummena will deploy and use IT systems and services in ways that vigilantly mitigate cyber security risks, maximize physical security for IT systems, and minimize unacceptable risks to IT systems and data from natural disasters (collectively, "Cyber Risks").
The primary means of reducing and mitigating Cyber Risks at Eummena is for entities and staff to use the secure facilities, common information technology infrastructure, and services provided by Eummena to the greatest extent practicable for achieving their work.
To the extent that the primary means of Cyber Risk mitigation is not practicable for achieving entities work, the secondary means is for Group-level and Entities-level IT providers to formally document their role, responsibilities, and ongoing vigilance to mitigate Cyber Risks to Eummena