Information Security Policy

Our goal is to ensure that all information is:

• Protected against unauthorised access or disclosure
• Maintained in a secure and accurate state
• Available to those who need it, when they need it

This policy applies to:

• All employees, contractors, and third parties who access RoleMapper systems
• All information systems, networks, devices, and data owned or managed by RoleMapper
• All customer data processed by RoleMapper

We are committed to:

• Data Protection: Adhering to applicable data protection laws (including UK GDPR) and ensuring personal data is handled lawfully and transparently.
• Access Control: Ensuring access to data is restricted to authorised individuals based on role and need.
• Encryption: Using industry-standard encryption for data in transit and at rest.
• System Monitoring: Actively monitoring for vulnerabilities, threats, and suspicious activity.
• Secure Development: Embedding secure coding practices into our software development lifecycle.
• Incident Response: Maintaining an incident response plan to handle potential data breaches swiftly and transparently.
• Vendor Management: Ensuring our third-party providers meet our security and privacy standards.
• Training and Awareness: Providing regular information security training to our team.

If you believe the security of our systems or data has been compromised, please contact our security team immediately at: security@rolemapper.tech
We take all concerns seriously and act swiftly to investigate and resolve any issues.

This policy is reviewed annually and whenever there are significant changes to our systems, regulatory obligations, or security risk profile.