Policy Owner: Managing Director

Effective Date: 2023-05-01

Policy

All CloudCard employees are remote employees. Physical access to company devices should be secured in the same manner that someone would secure their own home.

Employees must ensure that no unauthorized individuals may view, overhear, or otherwise have access to CloudCard’s customer or confidential data, especially when working from a public location such as a coffee shop or airport.

All end user devices containing access to internal CloudCard resources must be protected at all times and may not be left unattended.

Supplier, Vendor, and Third-Party Security

Suppliers, vendors, and third-parties shall comply with CloudCard physical security and environmental controls requirements. CloudCard shall assess the adequacy of third-party physical security controls as part of the vendor management process, in accordance with the Third-Party Management Policy. Third party security controls shall be sufficient to prevent unauthorized physical access to systems processing or storing CloudCard data.

Exceptions

Requests for an exception to this policy must be submitted to the Management for approval.

Violations & Enforcement

Any known violations of this policy should be reported to the Managing Director. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.