Information Security Statement

Scope

The security statement, and all the policies that support it, covers Jumpstart Security’s information systems and resources. Perhaps more importantly, it covers Jumpstart Security data stored on these systems as well as any backups or hardcopies of this data.

Where sensitive or personal data is stored or transmitted, more restrictive requirements will apply. Therefore, Jumpstart Security aims to limit the scope of such environments to the fullest extent possible.

Goals

The goals of this security statement are to accomplish the following:

  1. To allow for the confidentiality and privacy of Jumpstart Security’s information.
  2. To provide protection for the integrity of Jumpstart Security’s information.
  3. To provide for the availability of Jumpstart Security’s information.

This is commonly referred to as the “CIA Triad” of Confidentiality, Integrity, and Availability, an approach which is shared by all major security regulations and standards. Additionally, this approach is consistent with generally accepted industry best practices for security management.

Intent

This security statement indicates Jumpstart Security’s management team’s commitment to maintaining a secure network, which allows for effective securing Jumpstart Security’s information assets.

A security statement can also provide legal protection to Jumpstart Security, by specifying exactly how users can and cannot use the network, how they should treat confidential information, and the proper use of encryption.

It is the intent of this security statement to clearly communicate the requirements necessary for compliance with any applicable regulations.

Coverage of IT Security

This security statement is supported by multiple policies, that include:

  • Acceptable Use of IT
  • Email Management
  • IT Security
  • Incident Response and Data Breaches
  • Access Management, including Remote Access
  • Security Awareness
  • Backup, Business Continuity and Disaster Recovery
  • Password Management
  • Vendor Management

Jumpstart Security's Information Security Management System

It is Jumpstart Security's intention to comply with this statement not just on paper but in its everyday processes as well. With that goal in mind, Jumpstart Security has implemented an information security management system (ISMS) that covers:

  • The implementation of this security statement, and all the policies that support it, are implemented through our information security program, which includes:
    1. the implementation of information security policies,
    2. ensuring that these policies are disseminated to employees,
    3. training and retraining of employees on Jumpstart Security's information security program,
    4. any ongoing testing or analysis of Jumpstart Security's security in compliance with this policy,
    5. updating the policy as needed to adhere with applicable regulations and the changing information security landscape.
  • Our security program covers the maintenance of a list of all critical technologies (such as remote access technologies, wireless technologies, laptops, tablets, email, and the Internet) and the users that have access to these technologies.
  • Our security program also covers the security of Jumpstart Security’s data and monitors and control all access to Jumpstart Security’s information resources.
  • In addition to the above, our security program covers:
    • Developing daily operational security procedures that are consistent with the requirements of this policy, and clearly communicating those procedures to the appropriate personnel.
    • Monitoring and analysing security alerts and distributing that information to the appropriate personnel.
    • The administration of user accounts, including additions, deletions, and modifications.
  • Additional resources can be included in Jumpstart Security’s security program as deemed necessary. All security roles and responsibilities is clearly defined, with appropriate escalation paths. Furthermore, our security team is specifically designated as the contact in the event of a suspected security incident.

Updates to this Statement

Company management can make changes to this statement at any time. Any changes will result in an updated statement being released.