At FutureSoft, IT security is fundamental to protecting our business operations, client and partner data, and our reputation. Our services encompass consulting, staffing, and technology delivery across borders.
1. Governance & Responsibility
Clear Accountability: Senior leadership, including our data privacy officer and IT security leadership, are accountable for security oversight, while each individual has a responsibility to follow our standards.
Alignment with Business Goals: Security is not an isolated function—it underpins our integrity, client trust, and operational resilience.
Policy & Review: This Code, our Privacy Policy, and supporting procedures are reviewed periodically and updated to reflect evolving threats, technologies and regulatory obligations.
2. Protecting Personal & Sensitive Information
Data Minimisation & Classification: We collect only the personal information required for our operations (such as contact details, identifiers, employment or applicant data, financial details) in line with our Privacy Policy.
Access & Use: Access to personal or professional data is restricted to those with a business need. Credentials, IP addresses, device IDs and background verification data are handled securely.
Encryption, Storage & Transfer: Data in transit and at rest must be protected using appropriate encryption and technical controls. Processing may occur in the U.S. and Canada; by interacting with our services you consent to these transfers.
Retention & Disposal: We retain data only as long as necessary to fulfil contract, legal or business obligations. When no longer needed, we delete or anonymize it securely.
3. Secure Systems & Infrastructure
Baseline Controls: We maintain up-to-date anti-virus, firewall, patching, multi-factor authentication and secure configurations across our endpoints and networks.
Monitoring & Analytics: We deploy analytics, logging and monitoring tools to detect unusual activity (including browser/device usage, IP anomalies or unauthorized access).
Third-Party & Cloud Risk: Engagements with service providers (e.g., payroll, background verification, analytics) are governed by due-diligence, security assessments and contractual obligations to safeguard data shared externally.
4. Acceptable Use & User Behaviour
User Responsibilities: All users must use unique credentials, lock devices when unattended, report lost or stolen devices, avoid unauthorized software, and use secure networks (especially when remote).
Phishing & Social Engineering: We train users to identify phishing, malicious links, spoofed emails and unexpected requests. Individuals must report suspected incidents immediately.
Remote & Mobile Use: Where mobile devices or remote access are used, secure VPNs, encryption, updated OS and applications are mandatory. Public Wi-Fi and unsecured networks must be avoided or mitigated appropriately.
5. Incident Response & Recovery
Prompt Reporting: Any suspected or actual security incident—data breach, unauthorized access, ransomware, or lost device—must be reported to the IT security team promptly.
Investigation & Containment: Incidents are investigated, contained, logged, and disclosed where required by regulation or contractual obligation (consistent with our Privacy Policy).
Business Continuity: Our incident response plan covers detection, response, recovery and remediation. Post-incident root-cause analysis and lessons learned ensure continuous improvement.
6. Compliance, Training & Awareness
Regulatory Alignment: We comply with laws and regulations applicable to our operations (U.S., Canada and other jurisdictions as relevant). Security controls must meet or exceed industry standards.
Regular Training: All staff, consultants and partners receive initial and periodic training on IT security principles, data protection (as per our Privacy Policy), and their responsibilities.
Audit & Review: Security controls and practices are reviewed internally and, where appropriate, by external experts to ensure effectiveness and alignment with best practices.
7. Vendor & Supply-Chain Security
Due Diligence: Vendors, contractors and consultants who access our systems or data undergo security assessment, contractual obligations and ongoing monitoring.
Data Sharing: Personal information, professional records, or financial/education data shared with third-parties must be limited, authorised and governed by data protection agreements—no sale or rental of personal data is permitted (per our Privacy Policy).
Termination & Off-boarding: When a vendor relationship ends, access is revoked, data is returned or destroyed, and any credentials or access paths are removed.
8. Continuous Improvement & Technology Evolution
Threat Landscape Awareness: We monitor emerging threats, evolving technologies and regulatory changes. Controls and policies are updated proactively.
Metrics and Monitoring: We track security incidents, training completion rates, access violations and system vulnerabilities to drive improvements and board-level oversight.
Innovation With Risk Management: While we embrace new platforms and international workforce models, we do so with security embedded — reflecting our global recruitment, staffing and consulting services.
Conclusion
IT security is a shared responsibility and a strategic imperative at FutureSoft. By following this Code, each member of our extended organisation—employees, consultants, vendors and partners—contributes to safeguarding our information assets, upholding trust, and enabling our global operations with resilience and integrity.
If you have questions about this Code of IT Security, wish to report a security concern or request guidance:
FutureSoft Consulting Inc.
Attn: IT Security & Compliance Office
19900 Governors Drive, Suite 100
Email: procurement@futuresoft-it.com
