Information Management & Security
At HotSchedules, we are committed to protecting the company’s information technology, brand, intellectual property, personal information and customer data from misuse or compromise. This customer-facing Information Management and Security statement sets out how we protect our assets and reputation from threats associated with misuse or compromise of information/data. This includes whether the threat is internal or external, deliberate or accidental in nature.
HotSchedules maintains a comprehensive Information Security Program, which we regularly update and which includes appropriate administrative, technical and physical safeguards to prevent the loss, unauthorized use, access, or disclosure of HotSchedules and customer proprietary data.
All of our employees are responsible for remaining vigilant in protecting the security and confidentiality of individual customer records and all forms of customer communications.
Policies adopted as a part of our Information Security Program demonstrate senior management’s commitment to maintaining a secure network, which allows our employees to be more effective in securing HotSchedules’ information assets. These Policies apply to anyone connecting to HotSchedules’ internal networks and include, among others, the following controls:
- Information Security Policy – requiring the implementation of security policies and associated standards and processes
- Human Resources Security – policies and processes around the security aspects of employee hiring, movement and departure
- Business Continuity & Disaster Recovery – protecting, maintaining and recovering business-critical processes and systems
- Confidential Data and Encryption – classifying levels of confidentiality for data and setting out how it is handled, used, stored, transmitted and destroyed
- Incident Response – covering preparation for, investigation and management of and response to physical and electronic incidents
- Device and Network Access – setting out device types and network access, password and authentication requirements
- Network Security – ensuring change management procedures, firewall management, log monitoring, security awareness training, access, login monitoring and integrity controls
- Physical Security – protecting HotSchedules facilities housing people, information and technology assets
- Information Security Management – requiring that security risk analysis and management functions continue on an ongoing basis
- Third Party Management – setting out technology vendor security standards, onboarding process and review requirements
All of our employees are trained regarding their responsibilities under our Information Security Program, including safeguarding customer confidentiality and data privacy. We make it clear that employees who fail to follow our Policies will face disciplinary action, which may include termination.
HotSchedules strives to ensure that the confidential information we possess is maintained securely and that our employees comply with our confidential data policies. Access to databases containing customer information is limited to employees who need it as part of their job performance, and who have been trained on our guidelines for handling such information. We use locks and physical security measures, sign-on and password control procedures, internal auditing techniques and other types of security as appropriate for the information stored to protect against unauthorized use of and entry into our data systems. HotSchedules requires that records be safeguarded from loss, theft, unauthorized disclosure, and accidental destruction. In addition, sensitive and confidential records must be protected and maintained in a secure environment. It is our policy to destroy records containing sensitive and confidential information in a secure manner. Hard copy confidential and sensitive documents must be made unrecoverable before disposition or recycling, and electronic media must be destroyed using methods that prevent access to information stored in that type of media.
We encourage our employees to be proactive in implementing and enforcing our Information Security Policies. If employees become aware of practices that raise security or privacy concerns, they are instructed to report them as soon as reasonably possible.
Last updated: April 10, 2019