EticSoft Information Security Definitions

EticSoft Information Security Board (Board)

  • Consists of at least three primary and two alternate members, with the total number being odd. Members are selected and appointed by the board of directors from among company employees based on their experience in information security. External consultant members may be appointed to this board. Board members are determined by the board of directors.
  • Makes decisions by majority vote. Members are equal. There is no board chairman. Meetings and decisions are recorded with minutes.
  • Determines access permissions according to personnel’s duties and responsibilities, specifically for projects and/or in general, and notifies in writing.
  • Meets regularly at least twice a year.
  • Convenes urgently in information security risk situations.
  • Meetings can be held in physical or digital environments.
  • The board has the authority and responsibility to change, update, and create new internal company regulations (procedures) related to information security.
  • Classifies unclassified information assets as Confidential/Sensitive or Transparent.

Network Administrator

These are employees responsible for providing, restricting, or terminating access to information systems and servers for EticSoft employees.

Information Security Manager

The employee who manages EticSoft’s information security department. Responsible for ensuring and monitoring the implementation of the following procedures. Approves access provision in emergency response scenarios, whether pre-defined or not, outside of access permissions determined by the Board.

Confidential/Sensitive Information Asset

The following information assets are classified as Confidential or Sensitive data. Written permission from the Board and recording of access is required to view these assets. Transportation, modification, and sharing of confidential data is strictly prohibited.

  • Any project, drawing, database, architecture, code, design asset unless otherwise classified,
  • Any digital or physical document containing multiple customers or business partners,
  • Any records containing employees’ personal files, health records, excuse reports, personal contact information, conducted interviews, and family/social information, any information on their personal devices,
  • Resume files sent by employees and candidates for job applications and information assets related to their job interviews,
  • Any emails not sent to the general email address or employee’s own email address,
  • Minutes, emails, audio, phone, or video recordings of any activities, meetings, and correspondence with customers and business partners,
  • Personal information assets of customers, business partners, and any other persons and institutions, information about any products and services outside access permission definition, personal, commercial or financial information about their employees or their customers, other information that can be associated with these,
  • Financial and commercial relationships of the company and/or business partner and/or customer,
  • Patents, trademark registrations, designs, prototypes, and yet unpublished financial information,

Transparent Information Asset

Due to EticSoft’s transparency principle, EticSoft employees can access all of the following information, while customers and business partners can access information in items 4, 5, and 6,

  • Reports containing the company’s quarterly and annual revenues – expenses,
  • Company’s periodic budget,
  • Anonymous statistics such as total user numbers of products and services,
  • Company’s organizational chart,
  • Current and old versions of products and services, features, planned maintenance processes, planned or unplanned outages.
  • Company’s total capital

Exceptions: Transparent information can be temporarily and/or permanently restricted from access by the Board with stated justification.

Unclassified Information Asset

Any information asset not found in the Confidential Information Assets or Transparent Information Assets sections of this document is considered “Unclassified”. Access to such data is subject to the Information Security Manager’s permission. When the Information Security Manager encounters a request for access to such an asset, they apply to the Board in writing.