Information Security Policy

Overview: Information Security at EMAYA

Our Information Security Policy underpins our commitment to protecting the confidentiality, integrity, and availability of information. Here are fundamental principles and practices:

  • Mitigate Security Incidents: Through established policies and standardized procedures.
  • Protect Information Assets: Orienting our work environment towards safeguarding information and supporting assets.
  • Risk Management: Keeping security risks and threats controlled through comprehensive risk management plans.
  • Compliance: Adhering to regulations, maintaining best information security practices, and fulfilling legal obligations alongside client service level agreements.
  • Continual Improvement: Ensuring the effectiveness and enhancement of our processes and procedures related to information security.
  • Formal Disciplinary Process: For violations of our information security policies and procedures.

These principles are foundational to our Information Security Management System (ISMS), ensuring the security and resilience of our operations and services.

Intellectual Property Protection

Overview: Protecting Intellectual Property

Our Intellectual Property Protection Policy is foundational to safeguarding the innovative and creative assets that drive our success. Here’s how we ensure our intellectual assets are secured:

  • Compliance Procedures: Defining the use of software and information products to ensure compliance.
  • Asset Registers: Maintaining records of all assets requiring intellectual property protection.
  • Software Acquisition and Disposal: Procedures to prevent copyright infringement during acquisition and ensure secure disposal or transfer.
  • Licensing: Maintaining proof of ownership and ensuring compliance with licensing agreements.
  • Public Networks and Outside Sources: Adhering to terms for software and information obtained externally.
  • Duplicating and Copying Restrictions: Avoiding unauthorized duplication or copying of protected materials.

These measures reflect our commitment to respecting and protecting intellectual property rights, both internally and in accordance with external legal standards.

Responsible Asset Use

Overview: Acceptable Use of Assets

Our policy ensures the secure and responsible use of EMAYA's assets, emphasizing the protection of information and operational procedures. Here’s an outline of essential practices:

  • Asset Responsibility: Users must exercise good judgment in using EMAYA resources, adhering to our standards for lawful and intended purposes only.
  • Security Compliance: Monitoring and auditing of systems are conducted for compliance and maintenance, ensuring device and network integrity.
  • Password Management: Secure passwords and account information are vital, with adherence to internal password policies required.
  • Hardware and Software Management: Protecting proprietary information and ensuring the security of data, accounts, and systems under user control.
  • Prohibited Activities: Includes unauthorized access, introduction of malicious programs, and activities compromising network security.

This policy applies to all employees and affiliates, promoting a secure and efficient work environment.

Clean Desk & Clear Screen

Overview: Maintaining Secure Workspaces

Our Clean Desk and Clear Screen Policy is crucial for protecting sensitive information and ensuring a secure and orderly work environment. Key guidelines include:

  • Clean Desk Policy: Workstations must be cleared of all documents and removable storage devices when not in use, especially when leaving for the day.
  • Clear Screen Policy: Computer screens must be locked when stepping away to prevent unauthorized viewing.
  • Eating and Drinking: Restricted in certain areas to protect against spills and potential data loss.
  • Shared Spaces: Meeting rooms and shared devices must be tidied after use, with sensitive information erased or securely stored.
  • Roles and Responsibilities: All employees are accountable for adhering to these practices, with specific duties outlined for supervisors, IT staff, and admin personnel.

Adhering to these practices helps safeguard our information assets and supports our overall security posture.

User Device Security

Overview: Safeguarding Endpoint Devices

The User Endpoint Device Protection Policy ensures the secure use and management of all endpoint devices to protect our organizational information. Key aspects include:

  • Device Registration: Mandatory registration of all endpoint devices for monitoring and security compliance.
  • Physical Protection: Guidelines for the physical security of devices, including secure storage and use of cable locks.
  • Technical Controls: Implementation of technical measures such as encryption, malware protection, and access controls to secure devices.
  • BYOD Security: Specific requirements for personal devices used for work purposes, ensuring they meet organizational security standards.
  • User Responsibility: Clear responsibilities for users in maintaining device security, including secure storage and regular updates.

This policy is integral to maintaining the integrity and confidentiality of our data across all user endpoint devices.

Work From Home Guidelines

Overview: Remote Work Policy

Our Work From Home Policy is designed to ensure productivity, security, and work-life balance while working remotely. Here are the key points:

  • Eligibility and Approval: Criteria include job nature, client approval, and minimum employment duration, among others.
  • Technical Requirements: Specific hardware, software, and internet connectivity standards must be met to facilitate effective remote work.
  • Work Schedule: Adherence to standard work hours to maintain consistency and reliability.
  • Communication and Collaboration: Regular check-ins and the use of company-approved communication tools are required.
  • Data Security: Following best practices for data protection, including the use of VPNs and secure passwords.

This policy applies to all eligible employees under specific conditions, such as government-declared emergencies or other circumstances.

Access Control & Physical Security

Overview: Securing Access to Our Assets

Our Access Control and Physical Security policies are designed to protect sensitive information and physical assets. Key elements include:

  • User Access Management: Implementing the principle of least privilege and ensuring access is granted on a need-to-know basis.
  • Physical Security Measures: Controlling physical entry to our facilities and safeguarding against unauthorized access.
  • Authentication and Authorization: Utilizing secure methods for verifying identity and granting access rights.
  • Monitoring and Compliance: Regular audits and monitoring to detect and respond to security incidents promptly.

Adherence to these policies is critical for maintaining the integrity and security of our operations.

Internal Work Regulations

Overview: Securing Access to Our Assets

All employees are expected to adhere to the following standards of conduct:

  • Compliance with all company policies, procedures, and rules.
  • Honesty, integrity, and respect for others.
  • Maintaining a safe and healthy work environment.
  • Avoiding behavior that may lead to conflicts of interest.
  • Protecting the organization's property and confidential information.
  • Reporting any breaches of conduct.

Employees are also expected to adhere to the Reglamento Interno de Trabajo, which is based on the “Código de Trabajo de la República de El Salvador”.