The objective of TorchLight’s Information Security Program is to manage the risks associated with information assets maintained at the firm. The following crucial factors are taken into account in securing the firm’s critical information assets:
The principles guiding the Information Security Program shall be:
In any case where guidance is not specifically given, these principles shall be considered and adhered to.
TorchLight’s information security strategy is to protect and secure its systems, media, and facilities that process and maintain information vital to the operations of the firm through prevention, detection, and appropriate response. TorchLight’s information security strategy considers:
The Program is ongoing and must be continually adapted to embody a commercially reasonable approach to meet both changing business needs and the evolving cyber threats confronting TorchLight. This process includes:
Policies and Procedures
TorchLight has established specific policies and procedures pursuant to the Cyber Security Program. TorchLight may from time to time modify and amend their policies and procedures and additionally develop new policies through its ongoing assessments. The policies and operating practices implemented take into consideration:
In order to ensure that TorchLight is prepared for potential events that may affect business continuity, such as power failures, fires, cyber-attacks, etc. TorchLight will develop items such as the following:
Any employees who fails to comply with the Information Security Policy puts TorchLight at risk and subject to disciplinary action, up to, and including termination of employment.