Puretalk Information Security Policy
Effective Date: 12/12/2024
Purpose
This Information Security Policy establishes the guidelines to actively protect sensitive and confidential information, ensuring compliance with SOC 2 and HIPAA standards, and supporting our commitments to client confidentiality, data integrity, and secure operations.
Scope
This policy covers all employees, contractors, and affiliates of Puretalk who access our data systems and networks.
Policy Statements
Data Classification and Control
- Data is classified into categories (Confidential, Internal Use Only, Public) to determine the necessary security and access controls.
- Access to sensitive data, including personal and health information, is restricted based on role-based access controls.
Risk Management
- We conduct regular risk assessments to identify, evaluate, and mitigate risks to information security.
- We implement proactive security measures to manage and reduce risks to acceptable levels.
Asset Management
- We maintain an inventory of all critical information assets.
- We implement appropriate security controls to protect physical and digital assets.
Human Resources Security
- We conduct background checks as part of the hiring process for all employees.
- We provide ongoing security training and awareness programs.
Physical and Environmental Security
- We secure physical access to facilities where sensitive data is stored or processed.
- We protect against environmental hazards with appropriate contingency planning.
Communications and Operations Management
- We use secure communication channels for transmitting sensitive data.
- We employ encryption technologies to safeguard data in transit and at rest.
Access Control
- We enforce strict authentication and authorization mechanisms.
- We regularly review and update access rights to ensure minimum necessary access.
Information Systems Acquisition, Development, and Maintenance
- We integrate information security into the development lifecycle of IT systems.
- We regularly update systems and software to protect against vulnerabilities.
Incident Management
- We establish an incident response plan to address security breaches and data leaks.
- We report security incidents promptly and take necessary corrective actions.
Business Continuity and Disaster Recovery
- We develop and maintain a business continuity plan to ensure the availability of information systems and data during and after a disaster.
Compliance
- We regularly audit compliance with this policy and relevant legal and regulatory requirements.
- We address non-compliance issues swiftly to mitigate any potential impacts.
Review and Revision
- We review this policy annually and revise as necessary to remain compliant with applicable laws and standards and to reflect organizational changes.
Policy Enforcement
- We handle violations of this policy according to Puretalk’s disciplinary procedures, which may lead to sanctions, up to and including termination of employment.