Internal information security policies
Introduction
At SerenityGPT, our commitment to data security and resilience is foundational. This document provides an overview of the information security policies we uphold to ensure the integrity, availability, and confidentiality of our services. These policies govern how we handle, protect, and manage data and are continuously reviewed to comply with best practices and regulatory standards. While the details of these policies are maintained internally, clients may request up-to-date copies for review as needed.
Policies overview
Business Resilience & Disaster Recovery Policy
Outlines measures for continuity and recovery to minimize downtime and data loss in the event of an incident.
Compliance Management Policy
Details processes to ensure compliance with applicable laws, standards, and client agreements.
Data Classification & Information Handling Policy
Defines data categories and guidelines for the safe handling and storage of sensitive information.
Deployment & Integration Management Policy
Describes the procedures for secure and consistent deployment of services and integration with customer systems.
ESG Risk Management Policy
Addresses environmental, social, and governance considerations in our operational risk assessments.
Human Resources & Privacy Management Policy
Establishes guidelines for employee data privacy, onboarding, and offboarding security protocols.
Incident Response Plan
Defines protocols for identifying, managing, and reporting security incidents swiftly and effectively.
Network Security Policy
Specifies safeguards to protect network infrastructure from unauthorized access and cyber threats.
Password Management & Access Control Policy
Details password protocols, multi-factor authentication requirements, and access control guidelines.
Professional Ethics & Business Practices Policy
Covers ethical standards and business practices, ensuring integrity across our operations.
Risk Management Policy
Outlines the approach to identifying, assessing, and mitigating potential risks.
System Hardening and Anti-Malware Policy
Describes the practices for securing systems against vulnerabilities and ensuring robust malware protection.
Vendor & Supplier Management Policy
Provides guidance on security measures and expectations for third-party service providers.
Note
SerenityGPT’s information security policies are stored and maintained internally. Clients interested in reviewing specific policies can reach out to request access to the latest versions.
Cross-reference: Security and data privacy
To learn more about SerenityGPT’s data privacy approach and technical infrastructure, see our Security and data privacy page. This page covers:
- Service overview: Insight into SerenityGPT’s core purpose of enhancing data accessibility through secure knowledge retrieval interfaces.
- Privacy commitment: Our privacy-first approach, aligned with GDPR principles, ensuring data confidentiality and client trust.
- Technical definitions: Key terms like knowledge retrieval, on-premises deployment, permissions metadata, and more.
- Data collection, use, and security: Detailed explanations of data types collected, user permissions, secure data transfer, and encryption practices.
- Incident response procedure and data retention: Descriptions of our robust incident response and strict data retention/deletion policies.
Security policy review cycle
Our security policies undergo routine assessments and updates, reflecting any changes in industry standards, legal requirements, and security best practices, as well as our own internal learnings. This commitment ensures that SerenityGPT continuously aligns with the latest measures to secure your data effectively.
How to request policy access
Clients interested in reviewing specific security policies may contact our support team. Policy access requests are generally processed within 2-3 business days, and a current NDA will be required to view these documents.