Information Security Policy

Contents

  1. Introduction
    This Policy Document encompasses all aspects of security surrounding confidential company information
    and must be distributed to all company employees. All company employees must read this document in
    its entirety and sign the form confirming they have read and understand this policy fully. This document
    will be reviewed and updated by Management on an annual basis or when relevant to include newly
    developed security standards into the policy and distribute it all employees and contracts as applicable.
  2. Information Security Policy
    RxOrdnance, LLC handles sensitive cardholder information daily. Sensitive Information must have
    adequate safeguards in place to protect them, to protect cardholder privacy, to ensure compliance with
    various regulations and to guard the future of the organisation.
    RxOrdnance, LLC commits to respecting the privacy of all its customers and to protecting any data about
    customers from outside parties. To this end management are committed to maintaining a secure
    environment in which to process cardholder information so that we can meet these promises.
    Employees handling Sensitive cardholder data should ensure:
    Handle Company and account data including cardholder information in a manner that fits with
    their sensitivity;
    Limit personal use of RxOrdnance, LLC information and telecommunication systems and ensure it
    doesn’t interfere with your job performance;
    RxOrdnance, LLC reserves the right to monitor, access, review, audit, copy, store, or delete any
    electronic communications, equipment, systems and network traffic for any purpose;
    Do not use e-mail, internet and other Company resources to engage in any action that is offensive,
    threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal;
    Do not disclose personnel information unless authorised;
    Protect sensitive cardholder information;
    Do not use e-mail or other end messaging technologies such as messenger WhatsApp, Signal to
    share sensitive data including account data in the form of cardholder information.
    Keep passwords and accounts secure;
    Request approval from management prior to establishing any new software or hardware, third
    party connections, etc.;
    Do not install unauthorised software or hardware, including modems and wireless access unless
    you have explicit management approval;
    Always leave desks clear of sensitive cardholder data and lock computer screens when unattended;
    Information security incidents must be reported, without delay, to the individual responsible for
    incident response locally – Please find out who this is.
    We each have a responsibility for ensuring our company’s systems and data are protected from
    unauthorised access and improper use. If you are unclear about any of the policies detailed herein you

should seek advice and guidance from your line manager.