risk Policy
Information Security Policy
Establishes the framework for protecting Mesta's information assets, defining roles, responsibilities, and requirements for maintaining confidentiality, integrity, and availability of data. Covers risk management, asset classification, and security controls across all organizational functions.
ActiveDownload PDF
Version
2.1.0
Effective Date
2/1/2025
Next Review
2/1/2026
Approved By
Chief Information Security Officer
Policy Document
Information Security Policy
Version: 2.1.0 Effective Date: 2025-02-01 Next Review: 2026-02-01 Approved By: Chief Information Security Officer ---1. Purpose and Scope
Establishes the framework for protecting Mesta's information assets, defining roles, responsibilities, and requirements for maintaining confidentiality, integrity, and availability of data. Covers risk management, asset classification, and security controls across all organizational functions.
This policy applies to all Mesta Technologies Inc. employees, contractors, vendors, and systems that process, store, or transmit company or customer data.
2. Roles and Responsibilities
3. Policy Statements
[Detailed policy requirements would be listed here in the full document]
3.1 General Requirements
This section outlines the fundamental requirements that all stakeholders must follow.
3.2 Specific Controls
This section details specific technical and administrative controls implementing this policy.
3.3 Exceptions
Policy exceptions require written approval from Chief Information Security Officer and must be reviewed quarterly.
4. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may result in legal action.
5. Related Documents
This policy supports the following security controls:
3.2 Specific Controls
This section details specific technical and administrative controls implementing this policy.
3.3 Exceptions
Policy exceptions require written approval from Chief Information Security Officer and must be reviewed quarterly.
4. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may result in legal action.
5. Related Documents
This policy supports the following security controls:
4. Enforcement
Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, and may result in legal action.
5. Related Documents
This policy supports the following security controls:
6. Revision History | Version | Date | Author | Changes | |---------|------|--------|---------| | 2.1.0 | 2025-01-15 | Security Team | Current version | --- *This document is confidential and proprietary to Mesta Technologies Inc.*
Related Controls (5)
Risk assessments performed
Annual risk assessments with quarterly reviews and mitigation tracking.
passing
Security policies documented
Comprehensive security policies reviewed and approved annually.
passing
Data classification policy established
Data classified by sensitivity with handling procedures.
passing
Security metrics tracked
KPIs for security posture reported to leadership monthly.
passing
Data classification policy established
Data classified as Public, Internal, Confidential, or Restricted.
passing
Supported Frameworks
Policy Details
- Policy ID
- information-security-policy
- Category
- risk
- Author
- Security Team
- Approval Date
- 1/15/2025
- Page Count
- 24 pages
Version History
v2.1.02/1/2025
Current approved version