
Money Care

Enterprises Information Security Policy (EISP)
CCS113 - Information Assurance Security

Group 4
Escopete, Joana Mae B.
Esguerra, Dave V.
Evangelista, Renzo F.
Ferreras, Vince Austin R.
Figueroa, Coleen Chloie C.
1. Privacy and Access to Personal Information Policy

1.1. Statement of Purpose


Establish a policy on the privacy of personal information and the
conditions under which it may be accessed and/or released without the user's
consent.
1.2. Information Security Elements
Personal information is provided (as appropriate) in accordance with this
Privacy Policy and with the user’s consent in a separate, formal statement:
● To entities and under conditions mandated by law;
● To outside service providers or third-party service providers;
● To other organizations to which the data must be sent in order to
achieve the processing's goals.
If legal requirements make it essential to keep the data for a specific
amount of time, the information should be preserved and stored in accordance
with the purpose for which it was processed. The retention period for personal
data is stated in an independent formal declaration that is signed by the user
and is specific to the processing goal.
1.3. Need for Information Security
The information security policy safeguards the information entrusted to us
during processing and in storage, protecting its confidentiality, integrity,
and availability. Effective adherence to the enforced information security
rules, together with the necessary training and education, reduces the danger
of security breaches, loss of data assets, unauthorized access to information,
damage and system disruptions, and other associated security concerns. It is
also essential for establishing credibility and trust.
1.4. Information Security Responsibilities and Roles
Department of IT Units and IT Resources Owners - Implement and oversee
adherence to this standard, as well as any pertinent policies, standards, and best
practices, for IT resources in their charge. If necessary, establish additional
policies, processes, or other requirements that go beyond this standard to
safeguard IT resources.
IT Security and Policy Identity and Access Management - Provide
departments and academic units with identity, authentication, and authorisation
services.
Data Users - Those who access personal data to carry out their given tasks. Data
Users are accountable for maintaining the security of their access rights, using
personal data they have access to in accordance with the risk level assigned to it,
and adhering to IT standards.
1.5. Reference
Republic Act 10173 - Data Privacy Act of 2012
https://www.privacy.gov.ph/data-privacy-act/
Data Protection and Privacy Laws
https://id4d.worldbank.org/guide/data-protection-and-privacy-laws
Privacy Design Guidelines for Mobile Application Development
https://www.gsma.com/publicpolicy/wp-content/uploads/2018/02/GSMA-Privacy-Design-Guidelines-for-Mobile-Application-Development.pdf
