INFORMATION SECURITY POLICY
Last Modified: 01 Jun 2026
1. Introduction
At LightBlack, protecting information, systems, and digital assets is a fundamental business responsibility.
We are committed to maintaining appropriate security measures to protect client data, company information, technology infrastructure, and business operations against unauthorized access, loss, misuse, disclosure, alteration, or disruption.
2. Purpose
The purpose of this policy is to:
- Protect confidential and sensitive information.
- Maintain the integrity and availability of systems and services.
- Reduce cybersecurity risks.
- Support compliance with applicable legal and regulatory requirements.
- Promote a culture of security awareness throughout the organization.
3. Scope
This policy applies to:
- Employees
- Contractors
- Freelancers
- Consultants
- Third-party service providers
- Any individual with access to LightBlack systems, networks, applications, or data
4. Information Security Principles
LightBlack follows three core information security principles:
Confidentiality
Information is accessible only to authorized individuals.
Integrity
Information is protected from unauthorized modification or alteration.
Availability
Systems and information remain available when required for business operations.
5. Access Control
Access to systems, applications, and information shall be granted based on business necessity.
LightBlack will:
- Restrict access to authorized personnel only.
- Apply the principle of least privilege.
- Remove access promptly when no longer required.
- Use secure authentication methods where appropriate.
Employees and contractors are responsible for safeguarding their login credentials and must not share passwords with others.
6. Password & Authentication Requirements
Users are expected to:
- Use strong and unique passwords.
- Protect authentication credentials from unauthorized access.
- Enable Multi-Factor Authentication (MFA) whenever available.
- Report suspected credential compromise immediately.
7. Data Protection
LightBlack is committed to protecting client and company information.
Measures may include:
- Secure storage of information.
- Controlled access to sensitive data.
- Encryption where appropriate.
- Secure backup procedures.
- Secure disposal of information when no longer required.
Personal data will be processed in accordance with applicable privacy and data protection laws, including GDPR where applicable.
8. Device & System Security
All devices used for business purposes should be maintained securely.
This includes:
- Keeping software updated.
- Applying security patches promptly.
- Using approved security solutions.
- Protecting devices against malware and unauthorized access.
9. Remote Working Security
Employees and contractors working remotely must take reasonable measures to protect company and client information.
This includes:
- Using secure internet connections.
- Protecting devices from unauthorized access.
- Avoiding the use of unsecured public networks where possible.
- Maintaining confidentiality when working outside the office environment.
10. Incident Reporting
Any suspected or actual security incident must be reported immediately.
Examples include:
- Unauthorized access attempts.
- Data breaches.
- Malware infections.
- Lost or stolen devices.
- Accidental disclosure of sensitive information.
LightBlack will investigate reported incidents and take appropriate corrective actions.
11. Third-Party Services
LightBlack works with trusted technology providers and partners.
Where appropriate, third-party services are evaluated for security, reliability, and compliance before being used within business operations.
12. Security Awareness
Information security is a shared responsibility.
Employees, contractors, and partners are expected to:
- Follow security procedures.
- Remain alert to cybersecurity threats.
- Report suspicious activities.
- Participate in security awareness initiatives when required.
13. Business Continuity
LightBlack takes reasonable measures to ensure the continuity of critical business services through backup, recovery, and resilience practices designed to minimize operational disruption.
14. Compliance
All individuals covered by this policy must comply with applicable laws, regulations, contractual obligations, and internal security requirements.
15. Policy Review
This policy will be reviewed periodically to ensure its effectiveness and alignment with evolving cybersecurity risks, legal requirements, and industry best practices.