Information Security Policy

Purpose and Scope

This policy outlines Valstorm LLC's commitment to protecting the confidentiality, integrity, and availability of our and our customers' information assets. The scope of this policy applies to all Valstorm employees, contractors, and systems involved in the processing, storing, and transmission of data. Our objective is to safeguard our information systems from security threats, whether internal or external, deliberate or accidental.

Guiding Principles

Our security program is built upon the following core principles:

Data Governance: We classify data based on its sensitivity to ensure that it receives the appropriate level of protection. All customer data is treated as confidential.
Principle of Least Privilege: Access to information and systems is granted on a "need-to-know" basis, limited to the minimum required for individuals to perform their job functions.
Defense in Depth: We implement multiple layers of security controls—technical, administrative, and physical—to protect our assets, ensuring that a failure in one control does not compromise the entire system.
Third-Party Security Management: We conduct due diligence on all third-party vendors and partners to ensure they meet our security standards before being granted access to our data or systems.
Secure Development Lifecycle: Security is integrated into every phase of our software development process, from design and coding to testing and deployment, to minimize vulnerabilities in our platform.
Continuous Improvement: We are committed to regularly reviewing and improving our security policies, controls, and procedures to adapt to the evolving threat landscape.

Policy Enforcement

All employees and contractors are required to acknowledge and adhere to this Information Security Policy and all supporting procedures. Violations of this policy may result in disciplinary action, up to and including termination of employment or contract.