Skip to content Skip to footer
info@helium.com.co
Linkedin Instagram Facebook
Let’s Talk
Close
Information Security Policy.
1. Introduction

Effective Date: 12-16-2024

Helium (“Company,” “we,” “us,” or “our”) is committed to safeguarding the confidentiality, integrity, and availability of all information assets. This Information Security Policy outlines the measures we take to protect data from unauthorized access, use, disclosure, disruption, modification, or destruction.

1. Purpose

The purpose of this policy is to:

• Ensure the security of sensitive information, including personal data, financial
records, and business-critical information.
• Protect our Website, infrastructure, and services from security threats.
• Comply with applicable legal, regulatory, and contractual obligations.

2. Scope

This policy applies to:

• All employees, contractors, and third-party service providers who handle or
process information on behalf of the Company.
• All systems, networks, and applications owned or operated by the Company.
• All types of data, including customer, employee, and proprietary business
information.

3. Roles and Responsibilities

• Management: Responsible for enforcing the Information Security Policy and ensuring compliance.
• Employees and Contractors: Required to follow security guidelines and report any breaches or vulnerabilities.
• IT Team: Responsible for implementing technical safeguards and monitoring systems for threats.

4. Key Security Measures

We implement the following safeguards to ensure information security:

4.1 Access Control:

• Access to information is granted on a need-to-know basis.
• Multi-factor authentication (MFA) is required for accessing sensitive systems.
• User accounts are regularly reviewed and deactivated when no longer
needed.

4.2 Data Encryption:

• Sensitive data is encrypted during transmission (e.g., using SSL/TLS) and at rest.
• Encryption keys are stored securely and managed by authorized personnel.

4.3 Network Security:

• Firewalls, intrusion detection systems (IDS), and regular network monitoring are employed to prevent unauthorized access.
• Regular vulnerability assessments and penetration testing are conducted.

4.4 Physical Security:

• Physical access to servers and sensitive systems is restricted to authorized personnel.
• Office premises are secured with access control systems and surveillance.

4.5 Backup and Recovery:

• Regular backups are performed for critical systems and data.
• Backup data is stored securely and tested periodically for recovery.

4.6 Employee Training:

• Employees are trained on data protection, phishing awareness, and secure handling of sensitive information.

5. Incident Response

We have an incident response plan to handle potential security breaches:

• Detection: Security incidents are promptly identified and reported.
• Response: Incidents are analyzed, contained, and mitigated to minimize impact.
• Notification: Affected parties are notified as required by law or regulation.
• Recovery: Systems and services are restored to normal operations.
• Review: Incidents are reviewed to improve security measures.

6. Third-Party Security

We require third-party service providers to adhere to our security standards. Contracts with vendors include data protection agreements and regular security assessments.

7. Monitoring and Auditing

We regularly monitor and audit systems to ensure compliance with this policy:

• Audit logs are maintained for critical systems.
• Security controls are reviewed and updated periodically.

8. Compliance and Legal Requirement

This policy aligns with applicable laws and regulations, including but not limited to:

• HIPAA (Health Insurance Portability and Accountability Act)
• HITECH (Health Information Technology for Economic and Clinical Health Act)
• GDPR (General Data Protection Regulation)

9. Policy review

This policy is reviewed annually or whenever there are significant changes to our business processes, technology, or regulatory environment.

10. Contact Us

For questions or concerns regarding this policy, please contact us at: Email: info@helium.com.co

Address: Unicentro Plaza, local 9-30. Av. 27 de Febrero esq. Abraham Lincoln, Santo Domingo, Dominican Republic.