Information Security Policy

Scope

This policy applies to:

• All employees, contractors, and third-party partners
• All company-owned and client-managed systems
• All data processed, stored, or transmitted by Progile

Security Objectives

• Ensure confidentiality of sensitive information
• Maintain integrity of systems and data
• Ensure availability of systems and services
• Comply with applicable legal and contractual requirements

Access Control

• Access to systems is granted based on role and business need
• Strong passwords and Multi-Factor Authentication (MFA) are enforced
• User access is reviewed periodically
• Access is revoked immediately upon termination or role change

Data Protection

• All client data is handled confidentially
• Data transmission uses encrypted protocols (HTTPS/TLS)
• Sensitive information is stored securely in approved cloud platforms
• Regular backups are performed to prevent data loss

Infrastructure Security

• Systems are regularly updated and patched
• Firewalls and security groups are configured to restrict access
• Secure development practices are followed
• Code repositories are access-controlled

Incident Management

• Security incidents must be reported immediately
• Incidents are investigated and documented
• Clients are notified promptly if their data is affected
• Corrective measures are implemented to prevent recurrence

Third-Party Security

Progile engages only reputable third-party providers (e.g., AWS, Microsoft Azure) that maintain industry-standard security controls.

Employee Responsibility

• All personnel must adhere to this policy
• Confidentiality agreements are mandatory
• Security awareness is promoted within the organization