Security Policy
Effective Date: June 12, 2023
Information Security Program Policy
Introduction
This Information Security Program Policy ("Policy") outlines the requirements and guidelines for the implementation and maintenance of an effective information security program by Gaize, Inc. (also the Company). The purpose of this Policy is to ensure the security, integrity, and confidentiality of Confidential Information and protect against unauthorized access, anticipated threats, and hazards.
Definitions
1. Information Security Program: Refers to the comprehensive set of policies, procedures, and controls implemented by the Vendor to protect the security, integrity, and confidentiality of Confidential Information.
2. Company: Refers to Gaize, Inc.
3. Customer and User / Receiving Party: Refers to the party, that receives or is granted access to Confidential Information from Gaize, Inc. under the terms of the Agreement (the Receiving Party). The Receiving Party has an obligation to protect the confidentiality and security of the Confidential Information disclosed to them by the Disclosing Party. The Receiving Party may have specific responsibilities and restrictions related to the handling, use, and disclosure of the Confidential Information as outlined in the Agreement and any associated exhibits or addenda. The Receiving Party may include the Vendor when receiving Confidential Information from the Company or the Company when receiving Confidential Information from the Vendor.
4. Confidential Information: Any non-public information created by Gaize, Inc., contractors, other third parties, or disclosed by customers, including but not limited to trade secrets, financial information, customer data, proprietary technology, and any other information that is identified as confidential or should reasonably be understood to be confidential.
5. Security Requirements: The specific controls, safeguards, and practices that Gaize, Inc. must adhere to in order to protect the security, integrity, and confidentiality of Confidential Information, as defined in this Agreement.
6. Security Breach: Any unauthorized access to, disclosure, loss, alteration, or destruction of Confidential Information that compromises its security, integrity, or confidentiality.
7. Remediation: Taking prompt corrective actions to address identified vulnerabilities, deficiencies, or non-compliance with the security requirements or applicable laws and regulations.
8. Assessments and Audits: Systematic and periodic evaluations conducted to identify vulnerabilities, measure compliance, and assess the overall effectiveness of the information security program.
Program Objectives
This information security program is designed to achieve the following objectives:
A. Ensure the security, integrity, and confidentiality of Gaize and customers’ Confidential Information.
B. Protect against any anticipated threats or hazards to the security or integrity of Confidential Information held by Gaize.
C. Protect against unauthorized access to or use of Gaize’s held Confidential Information that could result in substantial harm or inconvenience to the Company, a customer, a contractor, other third party, or the person or entity to whom such information relates.
D. Ensure the proper disposal of Confidential Information.
Data Protection
Gaize, Inc. shall continuously monitor industry-standard information channels for newly identified vulnerabilities and promptly fix or patch any identified vulnerabilities based upon risk.
Additionally, the Company shall comply with all applicable laws governing privacy, data protection, data security, and the handling of data security breaches. The Company shall promptly execute, when determined to be necessary, supplemental or amended security and data protection terms, and data transfer agreements without delay. Gaize, Inc. shall also ensure that its subcontractors, if any, promptly execute the necessary agreements as required by applicable law or as mutually agreed upon.
Compliance by Subcontractors
Gaize, Inc. shall require its agents or permitted subcontractors who have access to Confidential Information to comply in all material respects with the security requirements outlined in this Agreement, including this section. Gaize, Inc. shall be responsible for ensuring that subcontractors are aware of and adhere to the security obligations and shall take appropriate measures to monitor and enforce compliance.
Program Evaluation and Improvement
Gaize, Inc. shall conduct regular assessments and audits of its information security program to evaluate its effectiveness and identify areas for improvement. Any identified vulnerabilities, deficiencies, or non-compliance shall be promptly addressed and remediated. Gaize, Inc. shall also stay informed about emerging threats, industry best practices, and evolving regulatory requirements to continuously enhance the information security program.
Policy Review and Modification
This Policy shall be reviewed periodically and updated as necessary to reflect changes in technology, business practices, and legal or regulatory requirements. Gaize, Inc. shall promptly communicate any material changes to customers, contractors, and other third-parties bound by this agreement.
Enforcement
Failure of subcontractors or other third parties entrusted with Confidential Information to adhere to the terms of this policy may result in immediate termination of current and future contracts and any other legal remedies available to Company. All parties entrusted with Confidential Information acknowledge that any non-compliance with this Policy may cause significant harm to the Company, its customers, or individuals associated with Company's Confidential Information.
Policy Acceptance
By using the Gaize services, the Customer and User acknowledge that they have read, understand, and agree to comply with the provisions outlined in this Information Security Program Policy. The Customer and User further acknowledge that they are responsible for implementing and maintaining appropriate security measures to protect Confidential Information in accordance with the requirements set forth in this Policy.
Gaize, Inc. may, from time to time, need to cooperate with third party audits of this information security program, providing necessary documentation and information upon request. The Customer and User agree to comply with all legal requests related to compliance with these audits. The Customer and User also agree to promptly notify Company of any security breaches or incidents involving Gaize, Inc.’s Confidential Information and to take immediate action to mitigate the impact of such incidents.
The Customer and User understand that the security of Gaize, Inc.’s Confidential Information is of utmost importance, and any violations of this Policy may result in legal consequences, including financial liabilities, loss of business opportunities, and damage to reputation.
This Policy shall remain in effect unless otherwise stated by Gaize, Inc.