Vijilan is owned and operated by Vijilan Security, LLC.

This Information Security Policy explains the security measures taken by Vijilan in regards to the data and information of users or any third party involved in the commercial operation of Vijilan and its provision of services. In this information security policy, the words “website” refers to the Vijilan website, “we”, “us”, “our”, “company” and “Vijilan” refer to Vijilan and “you”, “customer” and “user” refer to you, the Vijilan user.

This aggregate of directives, regulations, rules, and practices prescribes how Vijilan manages, protects, and distributes information.

1. SCOPE

This policy applies to all users of Vijilan’s information assets, as defined in the scope of application. The responsibility for protecting the company’s resources is the responsibility of all employees.This policy covers all Information Systems operated by Vijilan or contracted with third parties by Vijilan. The term Information Systems defines the total environment and includes, but is not limited to, all documentation, physical and logical controls, personnel, hardware (e.g., desktops, network devices and wireless devices), software and information.

Although this policy explicitly covers the responsibilities of users, it does not do so exclusively. Other Vijilan information security policies, standards and procedures define additional responsibilities. All users are required to read, understand and comply with other Information Security policies, standards and procedures. If any user does not fully understand any of these documents, he/she should contact us through our contact information. The affected department/division units will jointly resolve any conflicts arising from this policy.

2. POLICY STATEMENT

Vijilan will adopt a risk-based approach to protect its critical information assets and confidential customer information from likely and high-impact threats, and will integrate information security principles into the organizational culture, making it the responsibility of each and every employee to ensure that a robust information security structure is maintained. 

3. PURPOSE

This policy establishes Vijilan’s intention to identify and protect its critical information assets. The security principles adopted by the company are: 

1. Confidentiality: The information must be accessible only to authorized personnel. 
2. Integrity: Information must be modifiable only by authorized personnel. 
3. Availability: The information must be available to the personnel who need it. 

Risks to information and infrastructure come from many sources: users, suppliers, hackers and former employees. Risks from viruses and worms are still ever-present. In addition, the organization’s business continuity and disaster recovery plans are essential requirements that must be implemented in the event of a disaster so that critical business functions continue to function and all operations recover from the disaster within an acceptable time frame. 

In such a situation, it is the responsibility of each and every employee to protect company and customer information. All processes and procedures followed in the company are also very important and must comply with the information security principles adopted.

4. DOCUMENT DESCRIPTION

It is the responsibility of all the company’s employees, and vendors to comply with this policy and other associated security policies. The information security team is responsible for reviewing and updating this policy as and when required and /or at least once every year.

5. SECURITY AWARENESS PROGRAM

It is important to implement security awareness initiatives at all levels of the organization, including senior management, middle management, team leaders, and head of the departments, support staff, and any third parties. 

The information security awareness sessions will be an ongoing initiative which will ensure that all the employees and contractors are aware of the information security policies that are relevant to them. In addition, all the procedures, guidelines, and information security best practices in conjunction with other laws, regulations, and management best practices as adopted by the company.

Online annual information security awareness will be done in addition to an awareness session for new joiners during onboarding and induction by respective HR.

6. COMPETENCE

The company shall ensure that employees and contractors in the field of information security have the appropriate skills and competencies to do so and shall maintain records of the data received.

7. MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION

In addition to maintaining the information security management system, it is imperative to monitor and measure its ongoing efforts and results as well. There will be a detailed documented process to identify metrics for specific controls implemented in the company and which will also identify techniques for implementing and reviewing measurements of the identified metrics. The inputs and outputs to the measurements will be reviewed on a regular basis.

8. CONTINUAL IMPROVEMENT

Vijilan’s policy on continuous improvement is:

• Continuously improve the effectiveness of information security policies.
• Improve current processes to align them with the best practices defined by ISO/IEC 27001 and other related standards.
• Increase the level of information security proactivity.
• Make information security processes and controls more measurable to provide a sound basis for informed decision making.
• Periodically review relevant metrics to assess whether it is appropriate to change processes and controls, based on historical data collected.
• Review improvement ideas at regular management meetings to establish priorities and evaluate timelines and benefits with respect to information security policies.

9. COMPLIANCE WITH LEGAL AND CONTRACTUAL REQUIREMENTS

The company will protect your sensitive information from unauthorized disclosure. Vijilan establishes its policies in accordance with the main data protection and information security regulations:

• Europe: General Data Protection Regulation (GDPR). 
• United States: the California Consumer Privacy Act (CCPA), the Florida Information Protection Act of 2014 (FIPA).
• Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA).
• United Kingdom: The Data Protection Act 2018.
• Australia: The Privacy Act 1988 (Privacy Act).

The company constantly evaluates changes in the different international legislation and regulations regarding information security in which it operates. The company evaluates the changes in terms of their impact by defining the process of reviewing and incorporating the new international regulations in the different processes of the company to ensure that the processes of handling, processing and security of information comply with current international regulations.

10. REVIEW

The information security policy, as well as other security policies, should be reviewed periodically. This review shall be carried out in the following circumstances: 

• Once every 12 months
• If there is a significant change in the technologies used by the company.
• If there is a significant change in the external threat environment that requires a review of the risk profile. 
• If there is a significant change in the customer’s information security requirements/guidelines.

11. COMMUNICATION

• The information security policy will be disseminated to all employees and contractors by email.
• All communications related to the media and financial markets from interested parties will be made by the executive team only when necessary through press events, conferences and e-mails. No employee of the organization may contact the media or financial markets without the respective authorization.
• All employees, in their daily work, must act as representatives and ambassadors of the company and are authorized to speak to the client in line with the services provided by the company only. Privileged information will be kept confidential.
• Information on Vijilan’s website will be uploaded upon approval of the respective authorized area in line with the agreement of the executive committee.
• Communication with internal and external stakeholders shall be in line with the organization’s position and strategy and shall be made on a situational basis.
• When speaking at conferences, presentations must be verified by the authorized area of the company.

12. ENFORCEMENT

Necessary disciplinary action will be taken against any employee not following the policies and procedures laid down by the company. Similarly, action will be taken against those employees encouraging/observing such an activity and not reporting the same to the concerned authority. Any employee found to have violated this policy may be subject to disciplinary action.

13. CONTACT US

If you have any questions or concerns about this information security policy, please contact us through our contact page, our chat or by using the contact information below:

Vijilan. 

Phone: +1 (954) 334-9988

Email: info@vijilan.com

Address: 20803 Biscayne Blvd 302 Aventura, Florida 33180.