Cyber Security Policy


Policy brief & purpose

SimpliSealed’s cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure.
The more we rely on technology to collect, store and manage information, the more vulnerable we become to severe security breaches. Human errors, hacker attacks, system malfunctions and malware infections could cause great financial damage and may jeopardize our company’s reputation.
For this reason, we have implemented a number of security measures. We have also prepared instructions that may help mitigate security risks. We have outlined both provisions in this policy.

1. Systems and information integrity

1.1 Flaw Remediation

  • Procedure: IT specialists should identify, report, and correct flaws within systems in a timely manner.

1.2 Malicious Code Protection

  • Definition: Malicious code is any software or script designed to damage, disrupt, or gain unauthorized access to systems and data.

  • Protection Measures:

    • Use antivirus software and prevent insertion of removable media.

    • Update antivirus software often, especially when a new update has been released.

    • Perform periodic scans of systems and detect external unauthorized files.

1.3 Monitoring, Security Alerts, Advisories, and Directives

  • Monitoring: SimpliSealed continuously monitors system security alerts and takes prompt action to address any issues, so that potential threats are swiftly identified and mitigated and the integrity and security of the system are maintained.

  • Traffic Monitoring: Monitor systems, tracking inbound and outbound communications traffic to detect and protect against cyber threats.

  • Unauthorized Use Monitoring: Identify unauthorized use of organizational systems.


2. Access Control

2.1 System Access

  • Restriction: Access is restricted to authorized users, devices, and processes with controls implemented to manage entry through credentials and monitored channels.

  • Permission: Access rights are tailored to specific transactions and functions, ensuring that users operate within designated parameters.

2.2 Account Management

  • Process: Manage user accounts, including registration, access provisioning, and removal, with procedures in place to ensure that account activities are tracked, permissions are appropriately assigned, and access is promptly adjusted or revoked as necessary.

  • Review: Review and adjust user access rights regularly, with periodic evaluations to ensure that permissions remain aligned with current roles and responsibilities, and that any changes in access requirements are promptly addressed.

2.3 Access Enforcement

  • Implementation: Enforcement of access controls, including network access and application services.

2.4 Remote Access

  • Control and secure: Control and secure remote access, including mobile devices and teleworking, by implementing robust authentication methods and encryption protocols to safeguard connections and ensure that only authorized users can access sensitive systems and data.

2.5 Information Flow

  • Definition: Controlled Unclassified Information (CUI) is a category of sensitive information that isn’t classified but still requires protection.

  • Procedure: Control and enforce the flow of Controlled Unclassified Information (CUI) in accordance with authorizations.

2.6 Separation of Duties

  • Risk Reduction: Separate duties to minimize the risk of unauthorized activities and to provide checks and balances.

2.7 Logon and Session Management

  • Security Measures:

    • Limit unsuccessful logon attempts to five.

    • Use session locks and automatic termination after inactivity.

    • #Need to add

2.8 Monitoring and Control

  • Monitor: Monitor remote access sessions and protect their confidentiality using cryptographic mechanisms.

  • Control: Control connections to and use of external systems and portable storage devices.

2.9 Wireless and Mobile Device Access

  • Authorize and secure wireless access using authentication and encryption.

  • Control and encrypt mobile devices and connections.

2.10 Publicly Accessible Systems

  • Limit the processing and posting of CUI on publicly accessible systems.

2.11 Keycard Access Security

  • Different people have different permissions (a guest has extremely limited permissions compared to an employee, and a manager has a much higher level of access).

  • Parts of the building are closed off according to a person's keycard level.


3. Awareness and Training

3.1 Cyber Security Training


4. Media and Data Protection

4.1 Confidential data

  • Data Encryption:

    • data about customers/partners/vendors

    • patents, formulas, designs and new technologies

All employees are obliged to protect this data.

4.2 Managing Back Ups

  • Back up Management:

    • Maintain backups of data every 2 weeks, through online servers.

    • Backups are regularly checked to make sure they aren't corrupted, and are tested to make sure the recovery process is operational at all times.

4.3 Protect personal and company devices

When employees use their digital devices to access company emails or accounts, they introduce security risk to our data. We advise our employees to keep both their personal and company-issued computers, tablets and cell phones secure. They can do this if they:
  • Keep all devices password protected.

  • Regularly update company software, antivirus software, and devices.

  • Ensure they do not leave their devices exposed or unattended.

  • Use the secure browser portal for all company information.

  • Log into company accounts and systems through secure and private networks only.

We also advise our employees to avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
They should follow instructions to protect their devices and refer to the IT Department if they have any questions.

4.4 Keep emails safe

Emails from outside the company may carry scams and malicious software (e.g. phishing attacks). To avoid virus infection or data theft, we instruct employees to make sure that a received email:
  • Is from the @simplisealed.com domain.

  • Has no spelling mistakes or unexpected attachments.

  • Has no unusual requests or urgent wording.

If an employee isn’t sure that an email they received is safe, they can refer to our IT Department.

4.5 Manage passwords properly

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, we advise our employees to:
  • Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g. birthdays).

  • Remember their passwords, or use their secure keycard, which updates with each new password, to sign in to any company-related information.

  • Everyone has a different tier of access (e.g. Manufacturing only has access to manufacturing designs/models, while IT only has access to information regarding the website).

  • Passwords are changed automatically every 2 weeks; employees must use their keycard to learn the new password.

Remembering a large number of passwords can be daunting. We will purchase the services of a password management tool which generates new passwords every 2 weeks, but doesn’t save the passwords.

4.6 Transfer data securely

Transferring data introduces security risk. Employees must:
  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask our Security Specialists for help.

  • Share confidential data over the company network/system and not over public Wi-Fi or a private connection.

  • Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.

  • Report scams, privacy breaches and hacking attempts.

Our IT Department needs to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our Security Specialists must investigate promptly, resolve the issue and send a companywide alert when necessary.
Our Security Specialists are responsible for advising employees on how to detect scam emails. We encourage our employees to reach out to them with any questions or concerns.


5. Physical Security

5.1 Front Desk Security

  • Check Desk: Keep a log of who comes in and out.

Disciplinary Action

We expect all our employees to always follow this policy, and those who cause security breaches may face disciplinary action:
  • First-time, unintentional, small-scale security breach: We may issue a verbal warning and train the employee on security.

  • Intentional, repeated or large-scale breaches (which cause severe financial or other damage): We will invoke more severe disciplinary action up to and including termination.

We will examine each incident on a case-by-case basis.
Additionally, employees who are observed to disregard our security instructions will face discipline even if their behavior hasn’t resulted in a security breach.


Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:
  • Turn off their screens and lock their devices when leaving their desks.

  • Report stolen or damaged equipment as soon as possible to the IT Department.

  • Change all account passwords at once when a device is stolen.

  • Report a perceived threat or possible security weakness in company systems.

  • Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.

  • Avoid accessing suspicious websites.


Our IT department should:
  • Install firewalls, anti-malware software and access authentication systems.

  • Arrange security training for all employees.

  • Inform employees regularly about new scam emails or viruses and ways to combat them.

  • Investigate security breaches thoroughly.

  • Follow this policy's provisions as other employees do.

Our company will have all physical and digital shields to protect information.
