Information Security Policy
FreightRoll Information Security Program
FreightRoll recognizes the importance of maintaining the confidentiality, integrity, and availability of its information assets. This information security policy outlines the measures FreightRoll takes to protect assets against unauthorized access, use, disclosure, modification, or destruction.
This policy applies to all employees, contractors, and third-party vendors who have access to FreightRoll information assets.
Information Security Management
FreightRoll implements and maintains an Information Security Management System (ISMS) aligned with industry best practices and legal requirements. The ISMS follows a risk management approach to identify, assess, and mitigate risks to confidentiality, integrity, and availability.
Access Control
FreightRoll implements role-based access control (RBAC) so access is granted by job function and need-to-know. Strong authentication controls, including multi-factor authentication where appropriate, are used to reduce unauthorized access risk.
Data Classification
Information assets are classified by sensitivity and criticality. Classification determines required controls for access, protection, and retention, and employees are responsible for handling classified data according to policy.
Security Objectives and Impact Levels
| Security Objective | Low | Moderate | High |
|---|---|---|---|
| Confidentiality | Unauthorized disclosure could have a limited adverse effect on operations, assets, or individuals. | Unauthorized disclosure could have a serious adverse effect on operations, assets, or individuals. | Unauthorized disclosure could have a severe or catastrophic adverse effect on operations, assets, or individuals. |
| Integrity | Unauthorized modification or destruction could have a limited adverse effect on operations, assets, or individuals. | Unauthorized modification or destruction could have a serious adverse effect on operations, assets, or individuals. | Unauthorized modification or destruction could have a severe or catastrophic adverse effect on operations, assets, or individuals. |
| Availability | Disruption of access or use could have a limited adverse effect on operations, assets, or individuals. | Disruption of access or use could have a serious adverse effect on operations, assets, or individuals. | Disruption of access or use could have a severe or catastrophic adverse effect on operations, assets, or individuals. |
Data Protection
FreightRoll implements technical and organizational controls to protect information assets against unauthorized access, use, disclosure, modification, or destruction. Controls include encryption, firewall and endpoint protections, intrusion detection, and backup and recovery.
Incident Management
FreightRoll maintains an incident management process to detect, respond to, and recover from information security incidents, including reporting, investigation, containment, recovery, lessons learned, and stakeholder notification.
Security Awareness
FreightRoll provides security awareness training to employees, contractors, and third-party vendors, including policy awareness, data classification, access control, data protection, incident management, and social engineering.
Enforcement
FreightRoll enforces this policy through appropriate disciplinary and contractual actions and performs periodic audits and assessments to ensure the policy is effective and followed.
Conclusion
FreightRoll treats information security as a core business requirement and continuously improves controls to protect information assets and ensure personnel understand their responsibilities.