Objective

Gorilla Logic and its affiliates (“Gorilla Logic” or the “Company”) are committed to maintaining the integrity and security of confidential information, non-public information, and private information of Gorilla Logic and its clients and partners. It is the policy of Gorilla Logic to seek to prevent such information from being disclosed through the implementation of specific information security procedures, as described in this Information Security and Data Privacy Policy (“Policy”). The Policy sets forth Gorilla Logic’s requirements with respect to the collection, storage, use, transmission, and disposal of information in electronic, voice, or tangible written forms.

This Policy covers all personal data of the Company’s employees, consultants, external vendors, clients, end customers of Company clients, and other natural persons, as well as all confidential information of the Company and any third parties who have provided confidential information to the Company (collectively, “Confidential Information”). This Policy applies to all employees, consultants, subcontractors, and agents (“Company Personnel”), as well as other third parties, who access information in any Gorilla Logic facility or on any Gorilla Logic system. 

 

Policy Description

Privacy

Gorilla Logic values the privacy of all individuals whose information is accessible to the Company and Company Personnel. The Company seeks to adhere to the following privacy principles:

  • To collect only information that is necessary and relevant
  • To maintain information in a secure manner
  • To use reasonable practices and technology consistent with industry standards to safeguard the security and privacy of data
  • To limit access to only those persons who have a legitimate business need to access the information
  • To copy and disseminate information only as necessary to conduct Company business, perform services in accordance with client agreements, or comply with applicable laws and regulations
  • To disclose information to Company Personnel and other third parties only after receiving reasonable written assurances regarding confidentiality

Safeguards

To protect Confidential Information, Gorilla Logic seeks to implement physical, technical, and administrative safeguards, as detailed in the sections below.

 

1. PHYSICAL SECURITY

Facility Access and Control

Gorilla Logic maintains a policy defining secure areas such as server rooms, network management centers, backup facilities, and communication rooms. 

Security for Non-Electronic Information

Company Personnel are expected to follow Gorilla Logic policies to protect Confidential Information in non-electronic form (e.g., paper, microfilm, and microfiche). Measures for information deemed highly sensitive or vulnerable to misappropriation (including PII) include storage in locked file cabinets or similar locations or in file cabinets or other storage that clearly delineate that they contain Confidential Information and that are located in offices that are kept secure both during and after business hours.

Removal/Disposal of Data

Destruction of materials that contain Confidential Information will be by shredding (if hard copy), or if stored in an electronic format, in a secure manner.

 

2. TECHNICAL SAFEGUARDS

Access Control

Gorilla Logic implements technical policies and procedures that allow only authorized persons to access Confidential Information.

Company Personnel responsible for designing, implementing, or managing Systems are required to comply with all Gorilla Logic policies for the protection of electronically stored information. Several types of measures are required for the protection of Confidential Information stored electronically, whether on servers, individual computers, portable devices, voicemail systems, or other media. These measures include password protection, authorization protocols, electronic measures (such as file protection or encryption), and common-sense procedures to minimize the possibility of theft, unauthorized access, change, or interruption.

 

3. ADMINISTRATIVE SAFEGUARDS

Audit Controls and Monitoring
 
Gorilla Logic’s internal audit and compliance functions, as well as its information security function, evaluate compliance with these information security and data privacy policies and procedures. Gorilla Logic also is subject to external audits in connection with ISO and other certification processes, as well as audits conducted of particular client processes, whether conducted by the clients themselves or external consultants engaged by the clients.
 
Security Management Process
 
Gorilla Logic undertakes efforts to identify and analyze potential risks to electronic Confidential Information and to implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level. Such efforts include utilization of network monitoring and intrusion detection systems, as well as periodic risk assessments conducted by Gorilla Logic or independent third parties to identify the effectiveness of existing security measures and to take into account new or changing risks to Gorilla Logic Confidential Information and Company Systems.
 
Information Access Management
 
Gorilla Logic has policies and procedures for authorizing access to Confidential Information only when such access is appropriate based on the user or recipient’s role. Such role-based access is designed to limit access to particular items of Confidential Information only to those Company Personnel who have a legitimate business need, consistent with their job function, to access such items of Confidential Information.
 
Information Security and Privacy Incident Management
Gorilla Logic has an information security and privacy incident management process which requires security incidents to be effectively reported, remedied, investigated, and monitored to ensure that corrective and preventive actions are taken to control and remediate security incidents in a timely manner. 
 

 

4. SUPPLEMENTAL GUIDELINES OR PROCEDURES

Any supplemental guidelines or procedures referenced in this Policy may be obtained by contacting the Information Security Group. The policy will continue to be in force unless superseded by a fresh policy. Gorilla Logic reserves the right to supplement, change, or discontinue any portion of this Policy from time to time at its sole discretion.