Firmust General Products LLC
Last Updated: 05/27/2024
1. Introduction
Firmust General Products LLC (“Company,” “we,” “our,” “us”) is committed to ensuring the security of our customers’ and partners’ information. This Information Security Policy outlines our approach to protecting sensitive data and maintaining the confidentiality, integrity, and availability of information assets.
2. Company Information
Firmust General Products LLC
c/o Registered Agent Solutions, Inc.
838 Walker Road, Suite 21-2
Dover, DE 19904
USA
Email: support@firmust.com
3. Scope
This policy applies to all employees, contractors, and third-party service providers who have access to the Company’s information systems and data.
4. Information Security Objectives
Our primary objectives for information security are to:
- Protect the confidentiality of data by ensuring that information is accessible only to authorized individuals.
- Maintain the integrity of data by safeguarding its accuracy and completeness.
- Ensure the availability of data and information systems to authorized users when needed.
5. Security Measures
We implement a range of security measures to protect our information assets, including:
- Access Control: Strict access controls to ensure only authorized personnel can access sensitive data. This includes user authentication mechanisms such as strong passwords, two-factor authentication, and role-based access controls.
- Encryption: Use of encryption to protect data in transit and at rest. Sensitive data is encrypted using industry-standard encryption algorithms.
- Firewalls and Intrusion Detection Systems: Deployment of firewalls and intrusion detection/prevention systems to monitor and control network traffic and detect unauthorized access attempts.
- Regular Security Audits: Regular audits and vulnerability assessments to identify and address security weaknesses.
- Software Updates and Patch Management: Timely application of software updates and security patches to protect against known vulnerabilities.
- Physical Security: Implementation of physical security measures to protect our data centers and office environments, including access controls, surveillance systems, and secure storage solutions.
6. Data Protection
We take the following measures to protect the data we collect and process:
- Data Classification: Classify data based on sensitivity and implement appropriate protection measures for each classification level.
- Data Minimization: Collect and process only the minimum amount of data necessary for legitimate business purposes.
- Data Anonymization and Pseudonymization: When possible, use data anonymization and pseudonymization techniques to protect personal data.
- Data Retention and Disposal: Retain data only for as long as necessary to fulfill business or legal requirements and securely dispose of data that is no longer needed.
7. Incident Response
We have established an incident response plan to address security breaches and other incidents:
- Incident Identification: Prompt identification and reporting of security incidents.
- Incident Investigation: Thorough investigation of incidents to determine the cause and impact.
- Incident Containment and Mitigation: Immediate actions to contain and mitigate the impact of the incident.
- Notification: Notification of affected parties as required by law and company policy.
- Post-Incident Review: A post-incident review to identify lessons learned and improve our security posture.
8. Employee Training and Awareness
We provide regular training and awareness programs for our employees to ensure they understand their roles and responsibilities in maintaining information security. This includes training on:
- Company security policies and procedures.
- Recognizing and reporting security threats.
- Best practices for data protection and secure computing.
9. Third-Party Security
We ensure that third-party service providers who have access to our data and systems adhere to our security standards:
- Due Diligence: Conduct due diligence on third-party service providers to assess their security practices.
- Contracts and Agreements: Include security requirements in contracts and service level agreements with third parties.
- Monitoring and Auditing: Regularly monitor and audit third-party compliance with our security requirements.
10. Compliance
We comply with all applicable laws and regulations related to information security, including but not limited to:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other relevant state and federal data protection laws
11. Policy Updates
We may update this Information Security Policy from time to time. The updated version will be indicated by a revised “Last Updated” date and will be effective as soon as it is accessible. If we make material changes to this policy, we will notify you either by prominently posting a notice of such changes or by directly sending you a notification.
12. Contact Us
If you have any questions about this Information Security Policy, please contact us at support@firmust.com.