Explore ISC
Information Security Charter
In the course of carrying out its business objectives staff at Monstrous Media Group LLC (“MMG”) collect many different types of information, including financial, medical, human resources and other personal information. MMG values the ability to communicate and share information appropriately. Such information is an important resource of MMG and any person who uses information collected by MMG has a responsibility to maintain and protect this resource. Federal and state laws and regulations, as well as industry standards, also impose obligations on MMG to protect the confidentiality, integrity and availability of information relating to all staff and clients. In addition, terms of certain contracts and MMG policy require appropriate safeguarding of information.
Acceptable Usage of Information Resources Policy
This Policy establishes the accountability of all Users (as defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc) of MMG’s Information Resources. It addresses the confidentiality, integrity and availability of such Resources in support of the MMG missions, codifies appropriate usage and establishes the need for Users to respect the rights of others and to be in compliance with other MMG policies, policies of external networks and resources, and all applicable federal, state and local laws and regulations.The MMG Information Resources are provided to support the creative development missions of MMG and their supporting creative management functions. Inappropriate use of these Information Resources threatens the atmosphere for the sharing of information, the free exchange of ideas and the security of an environment for creating and maintaining Information Resources.This Policy applies to the access and use of the MMG Information Resources, whether originating from MMG or non-MMG Information Resources, including personal computers, as well as the access and use of Information Resources provided by research sponsors to, or leased or hired by, MMG Users.
Business Continuity and Disaster Recovery Policy
MMG requires adequate protections to be established to assure the continuity and recovery of the MMG’s business following the loss of Systems (as defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc that are critical to the operations of a business unit of the MMG (a “Key Business System”). This Policy defines acceptable methods for business continuity and disaster recovery planning, leveraging a risk-based analysis in order to prepare for and maintain the continuity of the MMG’s operations in case of the loss of a Key Business System. Capitalized terms used herein without definition are defined in the Charter.
Data Classification Policy
As indicated in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc, any person who uses, stores or transmits Data (as defined in the Charter) has a responsibility to maintain and safeguard such Data. The first step in establishing the safeguards that are required for a particular type of Data is to determine the level of sensitivity applicable to such Data. Data classification is a method of assigning such Data.
Electronic Data Security Breach Reporting and Response Policy
MMG is committed to compliance with all applicable federal and state laws and regulations relating to the compromise of Sensitive Data (as such term is defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc). This Policy establishes measures that must be taken to report and respond to a possible breach or compromise of Sensitive Data, including the determination of the Systems affected, whether any Sensitive Data have in fact been compromised, what specific Data were compromised and what actions are required for forensic investigation and legal compliance. Capitalized terms used herein without definition are defined in the Charter.
Email Usage Policy
Email is an expedient communication vehicle to send messages to the MMG community. The MMG recognizes and has established the use of email as an official means of communication. However, use of an email system at the MMG requires adequate security measures to protect the Data (as such term is defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc.
External Hosting Policy
This Policy describes the requirements for appropriate and approved use of externally hosted MMG MMG Systems and/or Data (as each is defined in MMG MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc.
Information Resource Access Control and Log Management Policy
This Policy describes the process of authorizing, establishing, documenting, reviewing and modifying appropriate access to MMG Information Resources that process, transmit and/or store Data (as each term is defined in MMG’s Information Security Charter (the “Charter”) [https://www.monstrousmediagroup.com/isc]. Such access is limited to, staff and contractors of MMG who have been properly authorized to carry out legitimate business tasks.
Information Security Risk Management Policy
As provided in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc, MMG is charged with protecting the confidentiality, integrity and availability of its Information Resources (as defined in the Charter). To accomplish this task, a formal Information Security Risk Management Program has been established as a component of MMG’s Information Security Program (as defined in the Charter) to ensure that MMG is operating with an acceptable level of risk. The Information Security Risk Management Program is described in this Policy. Capitalized terms used herein without definition are defined in the Charter.
Network Protection Policy
The secure management of MMG Network (as such term is defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc, which may span organizational boundaries, requires the careful consideration of the flow of information and the regulatory requirements regarding monitoring and protection of Networks. MMG requires that all Network, communications and telecommunications related equipment and devices, including cabling, be installed and maintained by MMG Information Technology (MMGIT).
Physical Security
This Physical Security Policy outlines the requirements for managing physical access to MMG facilities to ensure the safety and security of MMG’s physical assets, personnel, and information. The policy applies to all MMG employees, contractors, vendors, and visitors and covers all MMG locations and any off-site locations where MMG business is conducted. Employees must use identification badges for facility access, while contractors and vendors need pre-approval and registration to receive temporary badges. All access must be authorized and documented. Non-company employees are prohibited from bringing visitors onto MMG office grounds without prior authorization, and all visitors must be accompanied by an authorized MMG officer at all times, registering upon arrival and wearing visitor badges. Facility security measures include surveillance cameras, alarm systems, and regular security patrols to monitor and protect MMG premises. Sensitive areas have restricted access, and an up-to-date inventory of physical assets is maintained, with immediate reporting of any loss or theft to the Information Security Office for investigation and corrective action. Compliance with this policy is ensured through regular employee training on physical security protocols and audits to verify adherence. The policy is reviewed annually and revised as necessary.
Registration and Protection of Endpoints Policy
This Policy describes the requirements for security controls to protect Endpoints that process, transmit and/or store Data (as each is defined in the MMG Information Security Charter (the “Charter”)) https://www.monstrousmediagroup.com/isc. Such requirements differ depending on whether such Data is Sensitive Data, Confidential Data, Internal Data or Public Data (as each is defined in the Charter).No distinction is made in this Policy between an Endpoint owned by the MMG or personally owned. All Information Security Policies (as defined in the Charter) will apply to a personally owned Endpoint used for MMG business.Any Endpoint that processes, transmits and/or stores Data must be registered in accordance with Section III(A) and have the minimum protection requirements set forth in Section III(B) or (C) and, if applicable, Sections III(D), (E), and/or (F), in each case for the most restricted class of Data that is processed, transmitted or stored on such Endpoint.
Registration and Protection of Systems Policy
This Policy describes the requirements for security controls to protect Endpoints that process, transmit and/or store Data (as each is defined in MMG Information Security Charter (the “Charter”)) https://www.monstrousmediagroup.com/isc. Such requirements differ depending on whether such Data is Sensitive Data, Confidential Data, Internal Data or Public Data (as each is defined in the Charter).No distinction is made in this Policy between an Endpoint owned by MMG or personally owned. All Information Security Policies (as defined in the Charter) will apply to a personally owned Endpoint used for MMG business.Any Endpoint that processes, transmits and/or stores Data must be registered in accordance with Section III(A) and have the minimum protection requirements set forth in Section III(B) or (C) and, if applicable, Sections III(D), (E), and/or (F), in each case for the most restricted class of Data that is processed, transmitted or stored on such Endpoint.
Sanitization and Disposal of Information Resources Policy
A large volume of Data is stored on Systems (as each such term is defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc throughout MMG. A substantial amount of this Data consists of Sensitive Data or Confidential Data (as each such term is defined in the Charter). Unauthorized disclosure of such Data may expose MMG to legal liability. Data sanitization is the deliberate and permanent removal of Data from an Information Resource. This Policy defines the appropriate sanitization and disposal methods to be used.
Social Security Number (SSN) Usage Policy
A large volume of Data is stored on Systems (as each such term is defined in the MMG Information Security Charter (the “Charter”) https://www.monstrousmediagroup.com/isc throughout MMG. A substantial amount of this Data consists of Sensitive Data or Confidential Data (as each such term is defined in the Charter). Unauthorized disclosure of such Data may expose MMG to legal liability. Data sanitization is the deliberate and permanent removal of Data from an Information Resource. This Policy defines the appropriate sanitization and disposal methods to be used.