Strong Industries – Information Security Policy

Effective Date:  2025-01-01 Version: 1.2

 

Our Commitment to Security

At Strong Industries, we take security seriously. While our work typically involves public-facing websites and consulting services, we recognize that trust is built on a foundation of sound security practices. This Information Security Policy outlines the measures we take to safeguard our systems, protect client data during project work, and ensure the integrity of the services we provide.

This policy is intended to provide transparency into our internal security approach. For information about how we handle personal data, please refer to our <privacy policy>.

1. Purpose

The purpose of this Information Security Policy is to establish Strong Industries’ commitment to protecting client data, safeguarding information systems, and ensuring secure delivery of technical consulting and web development services. This policy applies to all employees, contractors, and third parties with access to Strong Industries’ systems and client environments.

2. Scope

This policy covers:

  • Internal information systems and assets owned or managed by Strong Industries.
  • Client data and systems accessed during the course of project work (limited to web hosting environments, CMS platforms, and related tools).

Note: Strong Industries does not store, process, or manage sensitive client data (such as personal identifiable information or payment data) on its own infrastructure.

3. Security Governance

  • Strong Industries designates a Security Contact responsible for maintaining this policy and overseeing its implementation.
  • All team members are required to follow security best practices, including confidentiality obligations and secure handling of client assets.

4. Access Control

  • Access to company systems and client accounts is restricted to authorized personnel only.
  • Unique user credentials are used for all systems. Passwords must meet industry-standard complexity requirements.
  • Multi-factor authentication (MFA) is enabled where supported (e.g., cloud services, CMS platforms).

5. Data Protection

  • All reasonable efforts are made to ensure that client credentials, project files, and communications are stored and transmitted securely.
  • Sensitive login credentials and files are shared only via encrypted channels (e.g., secure password managers, encrypted email).

6. Incident Response

  • Strong Industries maintains internal procedures to identify, escalate, and resolve security incidents that may impact client services.
  • Clients will be notified promptly of any suspected or confirmed incident affecting their website or data.

    7. Systems Maintenance

    • All workstations and devices used by Strong Industries personnel are kept up-to-date with security patches and protected by anti-malware software.
    • Regular reviews are conducted to ensure compliance with secure coding practices and web security guidelines.

    8. Confidentiality

    • All employees and contractors are required to sign confidentiality agreements before beginning work.
    • Client data and project materials are treated as confidential and are not shared outside of the company or project team without explicit client consent.

    9. Training & Awareness

    • Team members receive basic security and privacy awareness training during onboarding and as part of ongoing professional development.

    10. Policy Review

    This policy is reviewed at least annually or when significant changes to company operations or security practices occur.

    Contact

    For questions regarding this policy, please reach out via our <contact> form