SECURITY AND RISK MANAGEMENT PROCEDURE

Updated on 18/08/2025

1. Purpose

The purpose of this document is to establish a structured approach to security and risk management, ensuring the confidentiality, integrity, and availability of customer data in compliance with the Data Privacy Act of 2012 and ISO 9001:2015 standards.

2. Scope

This procedure applies to all employees, contractors, and third-party service providers who process, store, or transmit customer data within BOXME.

3. Responsibilities

3.1 Management Responsibilities

  • Ensure adherence to security policies and compliance with regulatory requirements.
  • Allocate necessary resources for security measures.
  • Conduct periodic risk assessments and audits.

3.2 Employee Responsibilities

  • Follow security guidelines and report any incidents.
  • Participate in regular security training.

3.3 IT Security Team Responsibilities

  • Implement security controls and monitor threats.
  • Ensure data protection measures are up-to-date.
  • Respond to security incidents and breaches.

4. Security Controls

4.1 Access Control

  • Role-based access control (RBAC) for restricted access.
  • Multi-factor authentication (MFA) for system logins.
  • Periodic review and revocation of inactive accounts.

4.2 Data Protection

  • Encryption of sensitive data at rest and in transit.
  • Secure backup and disaster recovery plans. Refer to RTO & RPO.
  • Data retention policy aligned with legal requirements.

4.3 Physical Security

  • We always use data centers that meet international security standards.
  • Our data centers (AWS, GCP) comply with standards such as ISO 27001, PCI-DSS, and SOC 2.
  • The security system includes strict access control, data encryption, and 24/7 monitoring to ensure the safety of customer information.
  • Access to the data center is restricted.
  • CCTV surveillance and biometric authentication are implemented for high-security areas.
  • Security personnel are on duty 24/7.

5. Risk Management

5.1 Risk Identification

  • Conduct risk assessments semi-annually.
  • Maintain a risk register to document potential threats.

5.2 Risk Mitigation

  • Implement preventive measures to address identified risks.
  • Regular penetration testing and security updates.

5.3 Incident Management

  • Immediate containment and analysis of security incidents.
  • Notification to affected stakeholders and regulatory authorities.
  • Post-incident review and continuous improvement measures.

6. Compliance and Monitoring

  • Conduct periodic internal audits for compliance with ISO 9001:2015.
  • Regular reporting to management on security metrics.
  • Continuous improvement through feedback and industry best practices.

7. Training and Awareness

  • Mandatory cybersecurity training for all employees.
  • Regular phishing simulations and security awareness campaigns.
  • Policy adherence verification through internal assessments.

8. Document Control

  • This procedure is maintained by the IT Security Team.
  • Reviewed annually and updated as necessary to align with new risks and regulations.

9. Contact Information

For security concerns or incident reporting, please contact:

  • Email: [Security Contact Email]
  • Phone: [Security Contact Phone]

This procedure is effective as of 01.02.2024 and will be reviewed periodically for improvements.