Gorilla Logic and its affiliates (“Gorilla Logic” or the “Company”) are committed to maintaining the integrity and security of confidential information, non-public information, and private information of Gorilla Logic and its clients and partners. It is the policy of Gorilla Logic to seek to prevent such information from being disclosed through the implementation of specific information security procedures, as described in this Information Security and Data Privacy Policy (“Policy”). The Policy sets forth Gorilla Logic’s requirements with respect to the collection, storage, use, transmission, and disposal of information in electronic, voice, or tangible written forms.
This Policy covers all personal data of the Company’s employees, consultants, external vendors, clients, end customers of Company clients, and other natural persons, as well as all confidential information of the Company and any third parties who have provided confidential information to the Company (collectively, “Confidential Information”). This Policy applies to all employees, consultants, subcontractors, and agents (“Company Personnel”), as well as other third parties, who access information in any Gorilla Logic facility or on any Gorilla Logic system.
Gorilla Logic values the privacy of all individuals whose information is accessible to the Company and Company Personnel. The Company seeks to adhere to the following privacy principles:
Gorilla Logic maintains a policy defining secure areas such as server rooms, network management centers, backup facilities, and communication rooms.
Company Personnel are expected to follow Gorilla Logic policies to protect Confidential Information in non-electronic form (e.g., paper, microfilm, and microfiche). Measures for information deemed highly sensitive or vulnerable to misappropriation (including PII) include storage in locked file cabinets or similar locations or in file cabinets or other storage that clearly delineate that they contain Confidential Information and that are located in offices that are kept secure both during and after business hours.
Materials that contain Confidential Information will be destroyed by shredding (if hard copy) or, if stored in an electronic format, in a secure manner.
Gorilla Logic implements technical policies and procedures that allow only authorized persons to access Confidential Information.
Company Personnel responsible for designing, implementing, or managing Systems are required to comply with all Gorilla Logic policies for the protection of electronically stored information. Several types of measures are required for the protection of Confidential Information stored electronically, whether on servers, individual computers, portable devices, voicemail systems, or other media. These measures include password protection, authorization protocols, electronic measures (such as file protection or encryption), and common-sense procedures to minimize the possibility of theft, unauthorized access, change, or interruption.
Gorilla Logic’s internal audit and compliance functions, as well as its information security function, evaluate compliance with these information security and data privacy policies and procedures. Gorilla Logic also is subject to external audits in connection with ISO and other certification processes, as well as audits conducted of particular client processes, whether conducted by the clients themselves or external consultants engaged by the clients.
Gorilla Logic undertakes efforts to identify and analyze potential risks to electronic Confidential Information and to implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level. Such efforts include utilization of network monitoring and intrusion detection systems, as well as periodic risk assessments conducted by Gorilla Logic or independent third parties to identify the effectiveness of existing security measures and to take into account new or changing risks to Gorilla Logic Confidential Information and Company Systems.
Gorilla Logic has policies and procedures for authorizing access to Confidential Information only when such access is appropriate based on the user or recipient’s role. Such role-based access is designed to limit access to particular items of Confidential Information only to those Company Personnel who have a legitimate business need, consistent with their job function, to access such items of Confidential Information.
Any supplemental guidelines or procedures referenced in this Policy may be obtained by contacting the Information Security Group. This Policy will remain in effect unless superseded by a subsequent policy. Gorilla Logic reserves the right to supplement, change, or discontinue any portion of this Policy from time to time at its sole discretion.