Privacy Policy
Omnigaze Information Security Policy
Version 1.4 – Last Updated: 25 April 2024
Omnigaze Inc. is committed to the highest standards of information security. This Information Security Policy outlines the strategic framework, practices, and responsibilities required to safeguard the confidentiality, integrity, and availability of all data processed by Omnigaze’s services and software.
Table of Contents- Information Security Objectives and Framework
- Data Classification and Handling
- System and Communication Protection
- Access Control and Identity Management
- Incident Response and Monitoring
- Compliance and Audits
1. Information Security Objectives and Framework
- Purpose: The primary objective of this policy is to protect information assets from all threats, whether internal or external, deliberate, or accidental. Omnigaze is dedicated to maintaining the security and integrity of data across all platforms, including on-premises installations and future cloud deployments.
- Scope: This policy applies to all employees, contractors, and third parties involved in information processing and governance within Omnigaze.
2. Data Classification and Handling
- Data Inventory: Omnigaze maintains a detailed inventory of all data assets, categorizing them according to sensitivity and business importance.
- Data Handling Protocols: Specific protocols are established for handling different types of data, including the creation, storage, transmission, and destruction processes, ensuring alignment with industry best practices and regulatory requirements.
3. System and Communication Protection
- Network Security: Robust firewalls, intrusion detection systems, and encrypted data transmission are enforced. Omnigaze proprietary software (and the implicated processing of sensitive infrastructure data) is installed and handled by the customer in their datacenter or on a virtual machine (e.g. in Microsoft Azure).
- System Hardening: Regular updates and security patches are applied. Systems are configured to secure standards to minimize vulnerabilities.
4. Access Control and Identity Management
- Access Control Policies: Strict access control policies are implemented, ensuring that only authorized personnel have access to sensitive data and systems.
- Authentication and Authorization: Omnigaze employs strong authentication methods, including multi-factor authentication where necessary, to control access to systems and data.
5. Incident Response and Monitoring
- Incident Response Plan: A formal incident response plan is in place, detailing procedures for managing security breaches or potential security incidents. This plan includes notification processes, roles and responsibilities, and steps for containment, eradication, and recovery.
- Monitoring: Continuous monitoring solutions are implemented to detect and respond to security threats in real-time. Security logs are retained according to legal and operational requirements.
6. Compliance and Audits
- Regulatory Compliance: Omnigaze ensures compliance with all relevant data protection laws and regulations, including the GDPR for handling personal data.
- Audits: Regular security audits are conducted to evaluate the effectiveness of the information security practices. Audit findings are addressed promptly to mitigate any identified risks.
Security Certifications: Omnigaze is actively pursuing ISO 27001 certification to further reinforce its commitment to recognized international security standards.
Contact InformationFor any concerns or queries related to information security, please contact:
- Email: security@omnigaze.com
- Address: Toftesvinget 26, 8250 Egå
This policy is reviewed annually and updated as necessary to reflect changes in the risk landscape or operational practices. All amendments are approved by senior management and communicated to all stakeholders.
Declaration: This policy document represents our structured approach to managing information security risks, tailored to protect our operations and data across all service and deployment models. It underscores our commitment to maintaining the trust of our clients and partners by ensuring the highest levels of security.