Protect Access Control
We implement measures to ensure authorized access and prevent unauthorized access to resources.
Awareness and Training
We provide cybersecurity education to employees and stakeholders.
Data Security
We protect data through encryption, access controls, backup, and secure storage.
Information Protection Processes and Procedures
We have processes to protect sensitive information throughout its lifecycle.
Maintenance
We regularly update systems and software to address security vulnerabilities.
Controls: • Encrypt data on personal computers, laptops, and mobile devices. • Run automated patch management.
• Implemented robust file backup management program, with off-site backup location. • Conduct mandatory annual security awareness training and quarterly phishing tests. • Host remedial training exercises for employees with unsuccessful phishing tests (i.e. more than twice a year). • Have secure application development process, which adheres to OWASP.
Detect Anomalies and Events
We implement mechanisms to identify and detect unauthorized activities or abnormal behaviour.
Continuous Monitoring
We regularly monitor systems and networks to detect potential security incidents.
Security Controls
We leverage technologies and processes to detect and respond to security events.
Controls: • Protect devices with next generation anti-virus, with endpoint detection and response. • Monitoring system audit logs through a managed Security Operations Centre (this is done 24/7/365).
RICHARDSON INTERNATIONAL SUSTAINABILITY REPORT 2022 | 59
Made with FlippingBook interactive PDF creator