Information Security Compliance
- Recognizing the different types of information that you work with
- Understanding with whom you can share each type of data
It is our responsibility to protect the confidentiality of the information we collect, use, store, and/or transmit. Team members will encounter different kinds of information, and we are required to handle information consistent with its sensitivity and level of protection. The classifications cover both electronic and paper information.
You are aware of the responsibilities for handling the company's information using security best practices.
Responsibly handling company and client information that we work with is one of the ways we continue to earn trust and respect.
Proprietary information such as organizational charts, team member user accounts, and company email addresses should be classified as:
- internal
- confidential
- restricted
Privacy
Some customers are very private, and nobody wants to get spammed or hacked. BUILD then MARKET will protect customer information and privacy.
Proprietary Information
Sensitivity Labels
Internal, confidential, and restricted proprietary information are all types of sensitive information used within organizations, but they differ in terms of their accessibility, level of protection, and the consequences of unauthorized disclosure. Here's an overview of each category along with examples:
- Internal Information: Internal information refers to data that is intended for use within the organization and is generally accessible to employees and authorized personnel. It may include information about company policies, procedures, internal communications, and employee directories. While internal information is not typically shared with the public, it does not carry the same level of sensitivity as confidential or restricted proprietary information.
Example:
- An internal memo discussing upcoming changes in the company's organizational structure.
- NDA needed
- Confidential Information: Confidential information is more sensitive than internal information and requires a higher level of protection. It typically involves data that, if disclosed to unauthorized individuals, could harm the organization's reputation, competitive advantage, or violate legal obligations. Confidential information can include trade secrets, financial data, customer databases, intellectual property, and non-disclosure agreements.
Examples:
- Age (year) / Birth year
- customer email address
- the fact that an individual is our customer
- credit scores
- client ID numbers
- vendor contract terms
- A company's financial statements and projections.
- Customer lists and contact information.
- Research and development plans for a new product or technology.
- Restricted Proprietary Information: Restricted proprietary information is the most sensitive type of information within an organization. It is highly confidential and subject to strict access restrictions. Restricted proprietary information often involves proprietary technology, formulas, algorithms, or other intellectual property that is critical to the organization's competitive advantage. Unauthorized disclosure of such information can have severe legal, financial, and reputational consequences.
Examples:
- Intellectual Property (IP)
- Passwords
- Telematics
- Source code of a software application.
- Manufacturing processes and techniques.
- Patented technology or inventions.
- D.O.B. (Date of Birth)
- bank account numbers
- Medical / Disability Information
- credit card numbers
- Social Security (SSN)
- Any Government Issued ID Number (driver's license)
Proprietary Information
| Sensitivity Level | Term | Definition |
|---|---|---|
| 0 | Public Information | Information that the company has made available to the general public, such as on the company's external website or in social media. Public information may be freely distributed both inside and outside the company. |
| 1 | Internal Information | Information that is proprietary or not intended for public knowledge. Due to its technical or business sensitivity, access is limited to team members and third-party vendors covered by a non-disclosure agreement. Examples include employee PII, employee user accounts, private/personal email addresses, organizational charts, deductibles, passwords, and encryption keys. |
| 2 | Confidential Information | Personal information of the company's customers and team members, such as age. Also private business records, vendor contracts, and source code. |
| MAX | Restricted Information | Information with the highest level of protection, which requires a business need to know for access. If lost, disclosed, or compromised, it could result in harm, embarrassment, inconvenience, negative impact, or unfairness to an individual or the company. Need-to-know basis. Payroll, salary, wages. Payroll records have sensitive information like intellectual property, business plans, mergers & acquisitions, or IT secrets. |
Sharing Financial Information with Employees
The level of transparency you choose will depend on factors such as the size of your team, the company culture, and the overall goals of your organization.
- Understand the importance of transparency: Sharing financial information with employees can foster a sense of trust, ownership, and alignment with the company's goals. It helps employees understand how their contributions impact the overall financial health of the organization.
- Determine what information to share: Not all financial information needs to be disclosed. Focus on sharing high-level information that provides employees with a clear understanding of the company's financial performance and key metrics. This may include revenue, expenses, burn rate, funding status, and key milestones.
- Consider the timing: Timing is crucial when sharing financial information. It's essential to strike a balance between providing timely updates and avoiding unnecessary distractions. Regular updates, such as quarterly or monthly, can help employees stay informed without overwhelming them.
- Provide context and education: Financial information can be complex, especially for employees who are not familiar with finance or accounting. Provide context and explanations to help employees understand the numbers and their significance. Consider organizing workshops or training sessions to enhance financial literacy within the team.
- Maintain confidentiality and privacy: While sharing financial information is important, it's equally important to respect confidentiality and privacy. Clearly communicate that the information shared is confidential and should not be disclosed outside the organization. Ensure that only authorized individuals have access to sensitive financial data.
- Tailor communication to the audience: Different employees may have varying levels of financial knowledge and interest. Adapt your communication style and the level of detail to ensure that the information is understandable and relevant to each individual. Use visuals, charts, and graphs to make the information more accessible.
- Solicit feedback and address concerns: Encourage employees to ask questions and provide feedback regarding the financial information shared. Address any concerns or misconceptions promptly and transparently. This fosters a culture of open communication and trust.
- Be honest about challenges: In an early-stage startup, financial challenges are not uncommon. Be honest and transparent about the company's financial situation, both positive and negative aspects. This helps employees understand the realities of the business and encourages them to contribute to finding solutions.
- Review and adapt: Regularly review your approach to sharing financial information and assess its effectiveness. Solicit feedback from employees and make adjustments as necessary. Remember that transparency is an ongoing process and may evolve as the company grows.
Remember that these best practices are guidelines, and you should tailor your approach to fit the specific needs and culture of your startup. It's essential to strike a balance between transparency and confidentiality based on the unique circumstances of your organization.