FIGURELAND
Information Security Policy
Policy Owner: Steven Jarvis
Policy Maintenance: Steven Jarvis
Person Responsible: Steven Jarvis
Purpose
Figureland manages data under three main principles:
- Confidentiality: Ensures that sensitive information such as customer data and business secrets is accessible only to authorised individuals to protect privacy and maintain trust. It involves implementing measures to safeguard this information from unauthorised access or disclosure.
- Integrity: Ensures that the data is accurate, complete, and protected against unauthorised alteration.
- Availability: Ensures that information and systems are accessible to authorised users when needed, minimising downtime and disruptions. This involves implementing reliable hardware, backup solutions and disaster recovery plans to maintain continuous access to information.
Data managed in any form always requires adequate protection to safeguard business information and assets.
A security incident can lead to brand damage, financial losses, compromised trading capabilities or even violations of regulations and laws, adversely affecting Figureland. It is therefore a duty to comply with this policy and all related documents at all times.
Along with the Information Security Policy, there are two other critical documents that together aim to protect the business and the assets managed.
Objectives
Figureland’s security objectives are to ensure:
- Information has been stored securely, made accessible only to authorised personnel, and shared appropriately, respecting the confidentiality and integrity of the actual data.
- All controls, whether physical, logical or procedural, have been implemented to provide an appropriate balance between user experience and the required level of security, ensuring both efficiency and protection.
- We have met our contractual and legal obligations relating to information security, affirming our compliance with external requirements and internal standards.
- Our ongoing change, development and improvement processes have actively incorporated information security considerations at every step to protect business assets, showcasing our dedication to continuous enhancement.
- Incidents, if any, have been identified, investigated and addressed appropriately and in a timely manner, with the results of these incidents used to refine and enhance our procedures for future events, thus improving our resilience and response strategies.
- We have actively maintained and updated both our security posture and our policies to reflect evolving situations, ensuring our approaches remain relevant and effective.
Scope
The Information Security Policy, along with its supporting controls, processes and procedures, is applicable to all information owned by or under the responsibility of Figureland, regardless of the format in which the information is stored.
The Information Security Policy and its supporting controls, processes and procedures apply to all individuals who have access to Figureland’s information and technologies. This includes both employees and external parties that provide information processing services to Figureland, ensuring comprehensive coverage and protection across all interactions with Figureland’s information assets.
Compliance monitoring
Compliance with the established controls outlined in the Information Security Policy will be diligently monitored by the owner of Figureland, Mr Steven Jarvis, who is tasked with ensuring transparency and accountability in all security efforts.
The overarching responsibility for the information security of Figureland is allocated to the owner of Figureland, Mr Steven Jarvis, who oversees all aspects of information security, from policy implementation to compliance monitoring, ensuring that all security measures are robust and effective.
Review
To ensure that all policies remain current and fully aligned with evolving security requirements, a comprehensive review will be conducted at least annually. This review will be undertaken by the designated policy owner, Mr Steven Jarvis, who is responsible for assessing the policy’s effectiveness and alignment with the latest security practices and regulatory requirements. Subsequently, any modifications or updates proposed during the review must be formally approved by the policy owner, Mr Steven Jarvis, to ensure that changes are both necessary and beneficial for enhancing the information security framework.
Organisation of information security
Figureland commits to documenting, implementing, and maintaining a robust governance structure for information security management. This includes the clear assignment of identified security responsibilities to ensure the effective implementation, management, and operation of information security controls across the business.
System acquisition, development and maintenance
Figureland enforces rigorous information security practices during the acquisition, deployment, maintenance, or replacement of systems, adhering to the following principles:
- Industry standards compliance: All systems are configured in accordance with recognized industry standards.
- PCI DSS Compliance: Given Figureland’s obligation to adhere to the PCI Data Security Standard, all changes are evaluated for the impact on PCI DSS compliance throughout the system lifecycle. Significant changes within the PCI DSS scope undergo formal reviews to ascertain compliance impact and ensure secure, compliant deployment.
- Environment segregation: Test, development, deployment and operational environments are distinctly separated with strict access controls, ensuring clear segmentation and minimising risk.
- Protection against malicious software: Systems susceptible to malware are safeguarded by appropriate antivirus or protective technologies. Periodic reviews confirm the validity of exemptions to this requirement.
Information security incident management
Figureland establishes clear definitions and protocols for identifying, reporting, and managing information security incidents:
- Incident definitions and responses: We will define what constitutes an Information Security Incident and detail the appropriate response and reporting procedures. This ensures a standardized approach to incident management across the organization.
- Reporting and investigation: All actual or suspected breaches of information security will be promptly reported. Each incident will undergo a thorough investigation, with findings documented to inform future prevention strategies.
Information security aspects of business continuity management
Figureland implements comprehensive arrangements to protect and swiftly recover critical business operations in the event of any disruptions affecting information systems, regardless of their origin.
Compliance
Figureland ensures that the design, operation, use, and management of information systems strictly comply with all relevant statutory, regulatory and contractual security requirements.