Information Safety Policy

At Arpa, we are committed to safeguarding the integrity, confidentiality, and availability of all information we handle, whether it belongs to our clients, partners, employees, or internal operations. Our Information Safety Policy reflects our dedication to secure, ethical, and responsible data practices across all areas of our work.

Scope:

This policy applies to all Arpa personnel, contractors, systems, and platforms where information is collected, processed, stored, or transmitted. It encompasses both digital and physical data.

Data Classification

We classify information into the following categories:

  • Public: Openly available without restrictions.
  • Internal: For internal business use, non-sensitive.
  • Confidential: Sensitive information requiring limited access (e.g., client data, internal strategies).
  • Restricted: Highly sensitive, requiring strict controls (e.g., credentials, PII, financial records).

Data Protection

We apply technical and organizational measures to ensure data is protected from unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of data at rest and in transit
  • Role-based access control (RBAC)
  • Secure coding practices in software development
  • Multi-factor authentication (MFA)
  • Endpoint security and regular patching

Privacy and Compliance

We comply with relevant data protection laws and regulations, including:

  • General Data Protection Regulation (GDPR)
  • Local and sector-specific regulations (e.g., in BFSI, healthcare)

We collect only the minimum necessary data and ensure data subjects’ rights are upheld, including access, correction, and deletion upon request.

Employee Responsibilities

All team members are required to:

  • Complete annual information security awareness training
  • Report suspected security incidents immediately
  • Use secure channels for communication and data transfer
  • Adhere to ARPA’s acceptable use and password policies

Third-Party and Vendor Management

We ensure that all third parties with access to our systems or data meet our security requirements through:

  • Due diligence and security assessments
  • Confidentiality agreements
  • Regular audits and reviews

Incident Management

Arpa maintains an incident response plan to handle breaches or suspected breaches. This includes:

  • Immediate containment and investigation
  • Notification to affected parties if necessary
  • Root cause analysis and improvement of controls

Data Retention & Disposal

We retain information only for as long as necessary for business or legal purposes. When no longer needed, data is securely deleted or destroyed in accordance with best practices.

Continuous Improvement

We regularly assess our policies, procedures, and controls to align with evolving threats, technologies, and legal requirements. External audits and internal reviews are conducted periodically.

Contact Us

If you have questions about this policy or how we handle your data, please contact our Information Security Team at [email protected]