Security Policy

    Purpose of the Information Security Policy

    The policy safeguards the confidentiality, integrity, and availability of Devox Software Inc.’s information assets so the Company can operate reliably, meet legal and contractual obligations, and maintain stakeholder trust. It establishes high-level requirements that guide every function and serves as the foundation for supporting standards, procedures, and technical controls.

    Implementation of Information Security

    Security is integrated across all business processes and the secure-development lifecycle (SDLC). Controls are selected using a risk-based approach aligned with ISO 27001 and NIST SP 800-53. Layered technical, administrative, and cultural measures create defense-in-depth.

    Risk Assessment

    Risks are identified, analysed, and documented at least annually, or whenever major changes occur. Each new system undergoes a formal risk assessment; residual risks are accepted only by the system owner and logged in the central risk register.

    Data Classification and Processing

    Information is classified as Public, Internal, Confidential, or Restricted. Handling rules cover storage, transmission, access, and disposal. Encryption in transit and at rest is mandatory for Confidential and Restricted data.

    Processing of Personal Data

    We process personal data according to the EU GDPR (for EEA data subjects), U.S. state privacy laws (e.g., CCPA/CPRA, VCDPA, CPA, CTDPA), and other applicable regulations. Privacy-by-design reviews and Data-Protection Impact Assessments are embedded in the SDLC.

    Information Security Requirements

    Key minimum controls include multi-factor authentication, least-privilege access, CI/CD security testing, network segmentation, zero-trust principles, vulnerability scanning, patch management, secure backups, and disaster-recovery capability. Third-party providers must sign security addenda and pass due-diligence reviews.

    Information Security Training

    All staff complete security-awareness training at onboarding and annually. Role-based modules cover secure coding, incident handling, and privacy. Phishing simulations and threat briefings reinforce secure behavior.

    Control and Monitoring

    Critical systems send tamper-evident logs to a 24 × 7 SIEM monitored by the Security Operations Center (SOC). Automated alerts trigger investigation; metrics are reported to executive leadership.

    Processing of Information Security Incidents

    Our Incident Response Plan follows NIST SP 800-61 phases: preparation, detection/analysis, containment, eradication, recovery, and post-incident review. The Computer Security Incident Response Team (CSIRT) coordinates actions and communications.

    Information Security Breaches

    Any suspected or confirmed breach must be reported immediately via the designated channel. Breaches involving personal data are notified to regulators and affected individuals within statutory timeframes (e.g., 72 hours under GDPR).

    Responsibilities and Organization

    Role | Key Responsibilities
    Board of Directors | Approves the Security Policy and receives risk reports.
    Chief Executive Officer | Provides resources and oversight.
    Information Security Steering Committee | Reviews risks, endorses major initiatives, and tracks remediation.
    Department Heads / Product Owners | Implement controls in their domains and sign off on residual risks.
    Employees & Contractors | Follow policy, complete training, and report incidents.

    Information Security Steering Model

    The Steering Committee meets quarterly to align security objectives with enterprise risk management. Key Risk Indicators and KPIs track progress; independent audits and management reviews drive continual improvement.
