Cybersecurity Policy

1. Policy Statement

Our agency is committed to maintaining the highest standards of information security, data privacy, and cyber risk management. We recognize the critical importance of protecting our assets, client data, and the integrity of our digital marketing and software services against all cyber threats. This policy establishes the framework for managing cybersecurity risks, ensuring business continuity, and complying with legal and regulatory requirements.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of Nomadic LLC who have access to our network, systems, or data. It covers all forms of technology and data, including but not limited to computers, mobile devices, cloud systems, software applications, and digital files.

3. Objectives

  • To protect company and client data from unauthorized access, disclosure, alteration, destruction, or theft.
  • To ensure the confidentiality, integrity, and availability of our information assets.
  • To comply with all applicable laws, regulations, and standards related to information security and data protection.
  • To foster a culture of security awareness and responsibility among all staff and associates.

4. Responsibilities

  • Management: Ensures the cybersecurity policy is aligned with business objectives and regulatory requirements. Provides necessary resources for implementing cybersecurity measures.
  • Security Risk Management Committee: Implements and maintains security risk management plan which includes technical security controls, monitors security systems, and responds to security incidents.
  • Employees: Comply with all aspects of the cybersecurity policy, including the use of passwords, device management, and data protection.

5. Data Protection and Privacy

  • Implement data encryption for sensitive and personal data both at rest and in transit.
  • Adhere to privacy laws and regulations affecting client data, such as HIPAA, GDPR or US data privacy laws.
  • Regularly review and update data retention policies to ensure data is not kept longer than necessary.

6. Access Control

  • Enforce strict access control policies, ensuring employees have access only to the data and systems necessary for their job functions.
  • Use multi-factor authentication (MFA) for accessing internal systems, especially for remote access and sensitive applications.

7. Cybersecurity Measures

  • Deploy firewalls, antivirus software, intrusion detection/prevention systems, and endpoint protection solutions.
  • Regularly update and patch operating systems, applications, and security tools to protect against known vulnerabilities.
  • Conduct regular security assessments, vulnerability scans, and ongoing security monitoring.

8. Incident Response and Reporting

  • Establish an incident response plan detailing procedures for responding to cybersecurity incidents, including identification, containment, eradication, recovery, and post-incident analysis.
  • Define clear reporting lines for suspected or confirmed security incidents.

9. Employee Training and Awareness

  • Provide ongoing cybersecurity training to all employees, covering topics such as phishing, social engineering, secure password practices, and safe internet usage.
  • Promote a culture where security concerns can be raised freely, ensuring swift action and mitigation.

10. Third-Party Risk Management

  • Assess the security practices of third-party vendors and partners who have access to company data.
  • Include security requirements in contracts with third parties and conduct regular reviews of their compliance.

11. Compliance and Legal Requirements

  • Ensure compliance with all relevant cybersecurity legislation, industry standards, and best practices.
  • Regularly review and update the cybersecurity policy and related procedures to reflect changes in laws, technologies, and business operations.

12. Policy Review and Update

This policy will be reviewed at least annually or following significant changes to our operations or the threat landscape. Any amendments will be approved by senior management and communicated to all relevant parties.

Conclusion

Nomadic LLC is dedicated to safeguarding our digital environment. By adhering to this cybersecurity policy, we protect not only our assets but also the trust placed in us by our clients and partners.

If you have any questions about this policy, please contact us via email at [email protected].