
Cybersecurity Policy for SafeSiteUSA

Effective Date: May 13, 2025

1. Purpose

This Cybersecurity Policy is established to protect SafeSiteUSA's digital infrastructure, customer data, and internal communications from unauthorized access, data breaches, and other cyber threats. The policy applies to all employees, contractors, vendors, and affiliates who interact with company networks, software, or data.

 

2. Scope

This policy covers:

  • Network and server security

  • Employee and contractor access

  • Data protection and encryption

  • Cloud and third-party integrations (e.g., Smartsheet)

  • Physical device and endpoint security

  • Surveillance and access control data

 

3. Access Control

  • All users must use strong, unique passwords.

  • Two-factor authentication (2FA) is required for sensitive platforms.

  • Access is granted on a "least privilege" basis.

  • Former employees and contractors are deactivated immediately upon termination.

 

4. Data Security & Encryption

  • All data at rest and in transit is encrypted using industry standards (e.g., AES-256, SSL/TLS).

  • Personally Identifiable Information (PII), visitor logs, and project data must only be stored on approved, secured servers.

  • Backups are encrypted and stored in separate, secured environments.

 

5. Network and Infrastructure Security

  • Firewalls, antivirus, and anti-malware protections are deployed across all systems.

  • Wireless networks use WPA3 encryption.

  • Regular vulnerability scans and penetration testing are conducted.

 

6. Software & System Updates

  • All software must be kept up to date, with critical security patches applied within 48 hours of release.

  • Only approved software can be installed on company devices.

  • Unauthorized software or downloads are prohibited.

 

7. Incident Response Plan

  • Employees must report any suspected breach or cyber threat to management immediately.

  • Affected systems are isolated and logged.

  • An investigation is conducted within 24 hours by the designated IT administrator or third-party cybersecurity vendor.

  • Affected customers will be notified if data exposure is confirmed.

 

8. Employee Training & Responsibility

  • All employees undergo cybersecurity awareness training annually.

  • Phishing simulation and prevention workshops are provided.

  • Misuse of company systems or negligence will result in disciplinary action.

 

9. Third-Party & Vendor Access

  • All vendors must comply with SafeSiteUSA's cybersecurity standards.

  • Contracts must include data protection and confidentiality clauses.

 

10. Compliance & Auditing

  • SafeSiteUSA follows industry best practices and applicable laws including:

    • New York SHIELD Act

    • NIST Cybersecurity Framework

    • CISA guidelines for critical infrastructure

  • Routine audits are performed to ensure compliance.

 

11. Policy Review

This policy will be reviewed and updated annually or when significant changes to infrastructure, threats, or operations occur.

Approved by:
Management, SafeSiteUSA

For questions about this policy, please contact our security team at Info@SanicoUSA.com.
