INFORMATION SECURITY POLICY

Century 21 Real Estate Alliance Group (“Company”) has adopted the following information security policy to protect Consumer Non-public Personal Information (“NPI”) as required by federal and state law and industry standards.

Statement of Information Security Policy

The Company recognizes that there are both internal and external risks. These risks include, but are not limited to: unauthorized access to NPI by employees or others; unauthorized requests for access to records; interception of data during transmission; loss of data in a disaster; corruption of data or systems; misplacement or loss of paper records; compromise of data from disposal of records; and unauthorized or unintended disclosure of electronic or printed NPI.

It is the policy of the Company to protect against the unauthorized access, use, corruption, disclosure, and distribution of NPI in its possession, and to comply with all applicable state and federal laws and regulations regarding such information.

The Company shall hold NPI in strict confidence and shall not release or disclose such information to any person except as required or authorized by law and only to such persons who are authorized to receive it. In furtherance of this policy, the Company has adopted policies and procedures for the administrative, technical and physical safeguarding of all NPI. These policies and procedures are reviewed and updated annually.

Restrictions on Access and Transmission of Non-public Personal Information

The following restrictions are in place to limit access and secure transmission of NPI in the Company’s possession:

  1. The Company restricts access to NPI to authorized employees who have undergone Background Checks at hiring and who have reviewed and agreed to abide by the Company’s Information Security Policy;
  2. Access to NPI is limited to authorized employees who processes for which such NPI was obtained;
  3. Physical and electronic access to NPI is immediately removed upon termination of an employee;
  4. The Company has a clean desk policy requiring that physical files, documents and computer files containing NPI be stored in a secure manner when an employee leaves their workstation or work area for the day or an extended period of time, or when non-authorized individuals are in the employee’s work area;
  5. During non-business hours, records are physically secured to protect NPI via locked file cabinets, locked offices, burglar alarm, and security cameras;
  6. Dissemination of NPI to third parties is limited to the specific data necessary for the third party to provide the information and/or documentation necessary for the task, or for compliance with regulatory or other statutory requirements;
  7. NPI received in non-electronic (paper) form shall immediately be placed inside of a locked file cabinet or drawer; Page 1 RELAW, APC Policies & Procedures Document 3.6 – Information Security Policy and Acknowledgement Century 21 Real Estate Alliance Group V1 May 30, 2023
  8. Physical transmission of documents containing NPI is limited to licensed and bonded courier companies or vendors who have reviewed and agreed to abide by the Company’s Information Security Policy;
  9. Electronically maintained NPI is stored on secure servers that are password protected; and
  10. The Company requires encryption on any electronic transmission of NPI.

As detailed more fully below, the following additional policies and procedures are in place to protect NPI:

  1. An “Information Technology Policy” to control the use of electronic communication;
  2. A “Record Retention and Disposal Policy” to protect NPI contained in non-active matters;
  3. A “Disaster Recovery Plan” to create a method for recovery of data upon the happening of a disaster which impacts the Company’s records;
  4. A “Notification Procedure” for use if a security breach occurs wherein NPI is accessed by someone without proper authorization; and
  5. A documented “Privacy Policy” which is disseminated to all necessary parties.

Any violation of the Company’s Information Security Policy by an employee is grounds for termination.

Information Technology Policy

The Company uses various forms of electronic communication including, but not limited to, computers, e-mail, telephones, Internet, and cell phones. All electronic communications, including all software, databases, hardware, and digital files, remain the sole property of the Company and are to be used only for Company business and not for any personal use.

Access to NPI through the Company’s information systems and networks is limited to individuals who have a legitimate business reason to access such information. Access controls are implemented at the user, application, system and network layers to ensure access to NPI is implemented consistently with regulations, the agency’s Information Security Program and other acceptable use policies.

All employees of the Company will complete and sign an acceptable use of information technology assets agreement on an annual basis. Annually, employees will receive updates/training on information technology policies and procedures.

Electronic communication and media may not be used in any manner that would be discriminatory, harassing, or obscene, or for any other purpose that is illegal, against Company policy, or not in the best interest of the Company.

Employees who misuse electronic communications and engage in defamation, copyright or trademark infringement, misappropriation of trade secrets, discrimination, harassment, or related actions will be subject to discipline and/or immediate termination.

Employees may not install personal software on the Company computer systems.

All electronic information created by any employee using any means of electronic communication is the property of the Company and remains the property of the Company. Personal passwords may be used for purposes of security, but the use of a personal password does not affect the Company’s ownership of the electronic information. Personal passwords will be reported to and maintained by the Company.

The Company will override all personal passwords if necessary for any reason.

The Company reserves the right to access and review electronic files, messages, mail, and other digital archives, and to monitor the use of electronic communications as necessary to ensure that no misuse or violation of Company policy or any law occurs. The Company maintains the right to monitor all areas of an employee’s workplace, including drawers and cabinets, for the purpose of identifying the location and maintenance of NPI.

Employees are not permitted to access the electronic communications of other employees or third parties unless directed to do so by the Company management.

No employee may install or use anonymous e-mail transmission programs or encryption of e-mail communications, except as specifically authorized by the Company.

Employees who use devices on which information may be received and/or stored, including but not limited to cell phones, cordless phones, portable computers, notepads, personal computers, fax machines, and voice mail communications, are required to use these methods in strict compliance with the trade secrets and confidential communication policy established by the Company. These communication tools should not be used for communicating confidential or sensitive information or any trade secrets.

The use of removable media is prohibited by the Company.

Access to the Internet, websites, and other types of Company computer access is to be used for Company-related business only. Any information about the Company, its products or services, or other types of information that will appear in the electronic media about the Company must be approved by the Company before the information is placed on an electronic information resource that is accessible to others.

The Company takes reasonable and appropriate steps, consistent with current technological capabilities and industry recognized “best practices,” to ensure that all electronically maintained NPI is stored, accessed, processed and transmitted as securely as possible and to safeguard the confidentiality, integrity and authorized availability of any and all records. These steps include but are not limited to:

  1. Maintaining the network and host-based integrity of systems through consistent and timely updates and patches;
  2. Utilization of anti-virus software, where appropriate;
  3. Routinely monitoring system health and availability;
  4. Routinely monitoring and mitigating the risks associated with known network- and host-based vulnerabilities as well as monitoring and responding to network- and host-based threats;
  5. Ensuring separation of privileges with regard to confidential Consumer information access; and
  6. Documented and controlled incident response and escalation processes.

All NPI is maintained on secured hosts behind a firewall.

Record Retention and Disposal Policy

The Company will keep and maintain physical paper records and electronic documents for as long as they are being actively used by the Company, or as necessary to comply with state or federal law in a manner that protects against unauthorized access to or use of NPI. Physical files are stored on site in locked file cabinets or a locked file room.

Paper documents that are no longer required to be kept by the Company will be shredded and/or recycled by a bonded security company. Electronic documents will be deleted and magnetic media will be erased.
