Our policies are available to interested parties as part of our ISMS framework. Some examples of topics that are defined in these documents include:
-
Roles and responsibilities in data protection
-
Process of handling data subject requests
-
Process of notifying data breaches
-
Appointment, position, and duties of the data protection officer
-
General principles of information asset care
-
Access and password policy and management
-
Use policy (internet, wifi, devices, printers, home-office, personal / work use, BYOD, etc.);
-
General principles of communication (emails, WhatsApp, messengers, skype, social media, encryption, and protection of messages)
-
General principles of information handling and manipulation with regard to printed and paper documents (information classification and clean desk policy);
-
Principles and processes for subcontractor selection and evaluation of compliance.
-
Internal controls, education, training, reporting, and awareness training;
-
Confidentiality
In addition to these confidential policies and procedures, Piano also has policies to be shared upon request. These include:
-
Piano Public Acceptable Use Policy
-
Piano Public DRP
-
Piano Public Information Security Policy
-
DPIA template as support for GDPR compliance of our clients