1.0 Purpose

This policy states the guiding principles for information stewardship and a framework for handling confidential information.

2.0 Scope

This policy will define how data is classified by the owners of sensitive data. This policy applies to all FinGoal data and the systems which host and access that data regardless of the environment or media where the data resides. This includes data centers, personal computers, mobile devices, removable drives, optical storage, and even paper, and is inclusive of any FinGoal-owned information regardless of type, location or storage medium.

This policy also governs all manner of data communications including electronic, voice, print and written communications.

This policy applies to all members of the FinGoal team including employees, contractors, and temporary workers.

3.0 Policy

FinGoal and its members are expected to responsibly manage, handle, and use data. While such information or data may be accessed from company-owned or personally-owned devices, this expectation of responsibility remains applicable regardless of how data is accessed.

This policy is intended to ensure the integrity, availability, and protection of institutional and end-user data without impeding legitimate, authorized access to, and use of, institutional data and systems.

3.1 Training

All employees who use or have access to restricted information must have training which includes:

The CISO is responsible for directing all employees to the appropriate training resources.

3.2 Data Protection

Personally Identifiable Data must be maintained in the safest environment possible consistent with business needs. All FinGoal consumer data must be persisted in one of the official Amazon Web Services and Google Cloud Platform Databases behind suitably strict access control guardrails. All data is maintained within SOC-2 compliant policies and procedures.