Information Security

Introduction

At LiquidQube, protecting our information assets, customer data, and systems is a core priority. This Information Security Policy outlines our commitment to safeguarding the confidentiality, integrity, and availability of all information under our control. It provides a framework for managing information security risks and ensuring compliance with applicable laws, regulations, and industry standards.

Scope

This policy applies to all employees, contractors, partners, suppliers, and stakeholders who interact with LiquidQube’s information systems, data, and assets. It covers all forms of information, whether electronic, paper-based, or verbal, across all locations where LiquidQube operates.

Objectives

Confidentiality: Protect sensitive information from unauthorised access and disclosure.

Integrity: Ensure the accuracy, completeness, and reliability of information.

Availability: Maintain reliable access to information and systems when required.

Key Principles

Access Control:

Implement the principle of least privilege, restricting access to information based on job roles and responsibilities.

Enforce strong authentication mechanisms, including multi-factor authentication (MFA).

Data Classification and Handling:

Classify information into sensitivity levels (e.g., public, confidential, restricted).

Ensure proper handling, storage, and disposal of sensitive data in line with classification requirements.

Secure Communication:

Encrypt sensitive data in transit and at rest.

Use secure communication channels for sharing and transmitting information.

Physical Security:

Restrict physical access to information systems and data storage areas.

Implement safeguards to protect against physical threats such as theft, damage, or unauthorised access.

Incident Management:

Establish a clear incident response plan for identifying, reporting, and mitigating security incidents.

Conduct root cause analyses and implement corrective actions to prevent recurrence.

Third-Party and Supplier Security:

Require all third parties and suppliers to adhere to LiquidQube’s security standards.

Perform regular security assessments and due diligence on third-party providers.

Training and Awareness:

Provide ongoing security awareness training to employees and contractors.

Promote a culture of security by encouraging vigilance and best practices.

Monitoring and Logging:

Continuously monitor information systems for suspicious activities and potential threats.

Maintain logs of system activities to support forensic investigations and compliance requirements.

Compliance:

Ensure compliance with applicable legal, regulatory, and contractual requirements related to information security.

Regularly review and align security practices with recognised industry standards and frameworks.

Data Backup and Recovery:

Maintain regular, secure backups of critical information.

Test recovery procedures periodically to ensure data availability in case of incidents.

Roles and Responsibilities

Leadership:

Provide resources and support to maintain robust information security practices.

Promote a culture of accountability for information security across the organisation.

Employees:

Follow all information security policies, procedures, and guidelines.

Report security incidents or suspicious activities immediately to the IT Security Team.

IT and Security Teams:

Develop, implement, and maintain security controls and protocols.

Monitor and respond to security threats in a timely manner.

Third Parties and Suppliers:

Comply with LiquidQube’s information security requirements.

Ensure security measures align with LiquidQube’s standards when accessing or processing organisational information.

Policy Implementation

Risk Assessments: Conduct regular risk assessments to identify and address vulnerabilities.

Develop and implement risk mitigation strategies.

Audits and Reviews: Perform periodic internal and external audits to evaluate the effectiveness of security measures.

Update policies and controls based on audit findings and emerging threats.

Secure Development: Incorporate security best practices into the design, development, and deployment of all software and systems.

Regularly test and validate the security of systems and applications.

Incident Reporting

All employees and stakeholders must report suspected or actual security incidents to compliance@liquidqubegroup.com immediately. Examples of incidents include:

Unauthorised access to information or systems.

Data breaches or leaks.

Malware infections or phishing attempts.

Policy Review

This Information Security Policy will be reviewed annually or as needed to address changes in the threat landscape, legal and regulatory requirements, or organisational needs. Updates will be communicated to all employees and relevant stakeholders.

Contact Information

For any questions or concerns regarding this policy, please contact the Compliance Department at compliance@liquidqubegroup.com.