Security And Data Privacy Policy

Facility Access and Control

Gorilla Logic maintains a policy defining secure areas such as server rooms, network management centers, backup facilities, and communication rooms. 

Security for Non-Electronic Information

Company Personnel are expected to follow Gorilla Logic policies to protect Confidential Information in non-electronic form (e.g., paper, microfilm, and microfiche). Measures for information deemed highly sensitive or vulnerable to misappropriation (including PII) include storage in locked file cabinets or similar locations or in file cabinets or other storage that clearly delineate that they contain Confidential Information and that are located in offices that are kept secure both during and after business hours.

Removal/Disposal of Data

Destruction of materials that contain Confidential Information will be by shredding (if hard copy), or if stored in an electronic format, in a secure manner.

Access Control

Gorilla Logic implements technical policies and procedures that allow only authorized persons to access Confidential Information.

Company Personnel responsible for designing, implementing, or managing Systems are required to comply with all Gorilla Logic policies for the protection of electronically stored information. Several types of measures are required for the protection of Confidential Information stored electronically, whether on servers, individual computers, portable devices, voicemail systems, or other media. These measures include password protection, authorization protocols, electronic measures (such as file protection or encryption), and common-sense procedures to minimize the possibility of theft, unauthorized access, change, or interruption.

Audit Controls and Monitoring

Gorilla Logic’s internal audit and compliance functions, as well as its information security function, evaluate compliance with these information security and data privacy policies and procedures. Gorilla Logic also is subject to external audits in connection with ISO and other certification processes, as well as audits conducted of particular client processes, whether conducted by the clients themselves or external consultants engaged by the clients.

Security Management Process

Gorilla Logic undertakes efforts to identify and analyze potential risks to electronic Confidential Information and to implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level. Such efforts include utilization of network monitoring and intrusion detection systems, as well as periodic risk assessments conducted by Gorilla Logic or independent third parties to identify the effectiveness of existing security measures and to take into account new or changing risks to Gorilla Logic Confidential Information and Company Systems.

Information Access Management

Gorilla Logic has policies and procedures for authorizing access to Confidential Information only when such access is appropriate based on the user or recipient's role. Such role-based access is designed to limit access to particular items of Confidential Information only to those Company Personnel who have a legitimate business need, consistent with their job function, to access such items of Confidential Information.

Information Security and Privacy Incident Management

Gorilla Logic has an information security and privacy incident management process which requires security incidents to be effectively reported, remedied, investigated, and monitored to ensure that corrective and preventive actions are taken to control and remediate security incidents in a timely manner. 

Any supplemental guidelines or procedures referenced in this Policy may be obtained by contacting the Information Security Group. The policy will continue to be in force unless superseded by a fresh policy. Gorilla Logic reserves the right to supplement, change, or discontinue any portion of this Policy from time to time at its sole discretion.