Introduction
Mazo Solutions (“Company,” “we,” “our,” or “us”) is committed to maintaining the highest standards of cybersecurity to protect the confidentiality, integrity, and availability of information across our website, SaaS products, and services, including staffing solutions. This Cyber Security Information Policy outlines the measures we take to safeguard our systems, data, and users against cybersecurity threats.
This policy applies to all employees, contractors, partners, and users who access or interact with our website, services, or systems.
Objectives
The objectives of this policy are:
- To safeguard sensitive data from unauthorized access, disclosure, alteration, or destruction.
- To ensure the continuous availability of our services and platforms.
- To comply with applicable cybersecurity laws and regulations.
- To establish protocols for identifying, managing, and mitigating cybersecurity risks.
Scope
This policy applies to:
- Website and SaaS Platforms: All online systems, including customer portals, APIs, and administrative interfaces.
- Services: Staffing solutions, user data, and any digital or IT resources involved in delivering our services.
- Users: Customers, partners, employees, and contractors interacting with our digital infrastructure.
Information Security Principles
Mazo Solutions adheres to the following principles:
- Confidentiality: Ensuring that sensitive data is accessible only to authorized personnel.
- Integrity: Protecting data from being altered or tampered with by unauthorized entities.
- Availability: Ensuring that information and services are available to authorized users when needed.
- Compliance: Meeting regulatory and legal requirements related to cybersecurity.
Security Measures
1. Access Control
- Role-Based Access: Access to systems and data is granted based on the principle of least privilege.
- Authentication: Multi-factor authentication (MFA) is required for all user accounts.
- Session Management: Automatic logout after periods of inactivity.
2. Data Protection
- Encryption: Data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
- Backup: Regular backups are maintained, and disaster recovery plans are in place.
- Data Minimization: Collect only the necessary data for the intended purpose.
3. Network Security
- Firewalls: Firewalls are configured to restrict unauthorized access.
- Intrusion Detection Systems (IDS): Monitoring and alerting for potential security breaches.
- Secure APIs: APIs are secured using tokens and access controls.
4. Endpoint Security
- Antivirus and Malware Protection: All devices accessing our systems are equipped with up-to-date security software.
- Patch Management: Regular updates and patches are applied to all software and hardware.
5. Secure Software Development
- Code Reviews: All code is subject to peer review for security vulnerabilities.
- Testing: Regular penetration testing and vulnerability scans are conducted.
- Development Standards: Adherence to secure coding practices and frameworks.
6. User Awareness and Training
- Training: Regular cybersecurity training for employees and contractors.
- Phishing Simulations: Periodic tests to assess employee readiness.
7. Incident Management
- Detection: Real-time monitoring of systems for suspicious activity.
- Response: Incident response plans are in place to quickly mitigate and resolve issues.
- Reporting: All incidents are documented and reported to relevant stakeholders.
8. Physical Security
- Data Centers: Access to data centers is restricted and monitored.
- Devices: All devices storing sensitive data are physically secured.
Client Responsibilities
Mazo Solutions provides services as a staffing and technology solutions provider. While we implement robust measures to safeguard our systems and employees, the ultimate responsibility for the security of devices, networks, locations, and confidential information lies with the client. The obligations of the client are as follows:
1. Hardware and Device Security
- Clients are solely responsible for ensuring that all hardware and devices provided to Mazo Solutions employees or used to access our systems are equipped with secure configurations.
- The devices or access provided to Mazo Solutions employees may be used to access networks or devices of both Mazo Solutions and the client. Clients must ensure that these devices are protected with adequate security measures, including endpoint protection, such as firewalls, antivirus software, and encryption.
- If the hardware or device provided by the client lacks adequate security measures, Mazo Solutions will not be held accountable for any data breach or unauthorized access arising from these vulnerabilities.
2. Network Security
- The client must ensure that their networks, including Wi-Fi and internal systems, are secured against potential cybersecurity threats.
- This includes using strong passwords, network encryption, and regularly updating network infrastructure.
- Any network security failure or breach that impacts Mazo Solutions’ systems or employees will be the sole responsibility of the client.
3. Location-Based Restrictions
- Clients must ensure that employees accessing sensitive systems or data do so from secure and authorized locations. Remote access must be governed by secure VPNs or equivalent measures.
- Any security incidents caused by unauthorized or insecure access locations are the responsibility of the client.
4. Confidential Data Handling
- Clients are advised to carefully verify the data shared with Mazo Solutions employees. If confidential or sensitive data is shared mistakenly, Mazo Solutions will not assume liability for any misuse or breach of such data.
- Clients must implement internal checks to ensure sensitive information is not inadvertently disclosed.
5. Policies and Procedures
- Clients must establish and enforce internal cybersecurity policies and procedures to safeguard data and systems.
- Any non-compliance with these policies leading to a breach will be the sole responsibility of the client.
6. Incident Reporting
- In the event of a security breach originating from the client’s systems, the client is responsible for promptly notifying Mazo Solutions and taking immediate remedial actions.
7. Comprehensive Responsibility
- Clients must take all necessary safety measures to secure their devices, networks, locations, and confidential information. This includes, but is not limited to, implementing adequate firewalls, ensuring data encryption, and controlling access to sensitive systems and locations.
- Any issues arising from the lack of security measures or negligence in maintaining these safeguards will be solely the responsibility of the client. Mazo Solutions will not be held liable for breaches or data loss resulting from such lapses.
Limitation of Liability
Mazo Solutions’ role is limited to providing staffing and technology services. We are not responsible for:
- Security incidents or breaches arising from inadequate network or hardware security measures on the client’s side.
- Loss, alteration, or misuse of data shared by the client without proper verification or due diligence.
- Any breach of trust or confidentiality caused by the client’s internal processes, employees, or third-party contractors.
Compliance
Mazo Solutions complies with the following regulations and standards:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- ISO/IEC 27001: Information Security Management
- NIST Cybersecurity Framework
User Responsibilities
Users interacting with our website or services are responsible for:
- Using strong and unique passwords.
- Keeping authentication credentials secure.
- Reporting suspicious activity or potential security incidents.
Data Breach Notification
In the event of a data breach, Mazo Solutions will:
- Notify affected users and regulatory authorities within the timeframes required by applicable laws.
- Provide guidance on mitigating risks associated with the breach.
Policy Review and Updates
This policy is reviewed and updated annually or as needed to reflect changes in technology, regulations, or our services. Updates will be communicated to all stakeholders.
Contact Us
For questions, concerns, or to report a security incident, please contact:
Mazo Solutions
Email: contact@mazosol.com