Data Security Policy

1. Purpose

The purpose of this Data Security Policy is to establish and communicate the security measures and responsibilities within One Start LLC to protect sensitive and personally identifiable information (PII) that our organization collects, processes, and stores. This policy supports our commitment to secure information assets, customer data, and other confidential information against unauthorized access, disclosure, alteration, or destruction.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of One Start LLC who have access to our data systems and records. It covers all forms of data, including electronic and paper records, that the organization handles.

3. Data Classification

Data within One Start LLC is classified into categories based on sensitivity and the impact to the organization if such data were to be accessed, disclosed, altered, or lost. The classifications are:

  • Confidential: Data with the highest level of sensitivity, including PII, financial information, and trade secrets.
  • Internal Use Only: Data that is sensitive and intended for internal use but does not include PII.
  • Public: Data that can be made public without any implications for One Start LLC.

4. Data Protection Measures

Encryption

  • All sensitive and PII data stored on our servers is encrypted at rest and in transit to prevent unauthorized data access.
  • Encryption keys are managed and rotated periodically to enhance security.

Access Control

  • Access to sensitive and PII data is restricted to authorized personnel only, based on their role within the organization.
  • Multi-factor authentication (MFA) is required for access to systems containing sensitive data.

Data Retention and Disposal

  • Data is retained only for the period necessary for its intended purpose or as required by law.
  • Secure methods, such as electronic wiping and physical destruction, are used for the disposal of data to prevent recovery.

5. Incident Response Plan

  • One Start LLC has an Incident Response Plan in place to promptly respond to any data breach or security incident. The plan includes procedures for incident identification, assessment, containment, eradication, recovery, and post-incident analysis.

6. Training and Awareness

  • All employees and contractors are required to complete data security training upon hire and annually thereafter.
  • Regular security awareness programs are conducted to keep the team updated on the latest threats and safe data handling practices.

7. Third-Party Vendors

  • Third-party vendors with access to One Start LLC’s data must comply with this Data Security Policy and are subject to regular security assessments.

8. Policy Review and Updates

  • This policy will be reviewed annually and updated as necessary to reflect changes in legal, regulatory, or business requirements.

9. Enforcement

Violations of this policy will be handled according to One Start LLC’s disciplinary procedures and may result in disciplinary action, up to and including termination of employment or contracts.

10. Contact Information

For questions or concerns about this Data Security Policy, please contact:

  • Security Officer: Umut Yusuf Tontus
  • Email: umut.tontus@onestartlabs.com
  • Phone: +90 542 598 3123