This Information Security Policy (“Policy”) sets forth the controls Gruntwork uses to ensure that information collected, stored, managed, or accessed by Gruntwork employees and contractors or through Gruntwork products, applications, or platforms, are adequately protected. By implementing and documenting the controls below, Gruntwork has established a framework to manage risks to the company, ensure compliance with applicable legal and regulatory requirements, and safeguard the company’s information technology, reputation, intellectual property, proprietary information, personal information, and customer data from misuse or compromise.
This serves as a central policy document with which all employees and contractors must be familiar, and defines actions and prohibitions that you must follow. However, no single policy can cover all the possible information security issues you may face. You must seek guidance from your manager or other designated Gruntwork resource before taking any actions that create information security risks or otherwise deviating from this Policy’s requirements. Gruntwork may treat any failure to seek and follow such guidance as a violation of this Policy.
This Policy covers all information and all computing resources used throughout Gruntwork’s operations. This Policy also applies to information assets owned by others, such as Gruntwork customers and sub-processors where Gruntwork has a legal, contractual, or fiduciary duty to protect those resources while they are in Gruntwork’s control or custody. All employees, contractors, or other entities acting on behalf of Gruntwork who use or access non-public information, Gruntwork-provided accounts, or other Gruntwork information systems to conduct Gruntwork business must adhere to this Policy.
“Confidential Information” means all information which Gruntwork has not released to the general public, including Proprietary Information and any information that Gruntwork receives from others under an obligation of confidentiality whether in written, electronic, or other form or media and whether or not marked, designated or otherwise identified as “confidential.”
“Device” means any desktop computer, laptop computer, tablet, handheld or mobile device, telephone or other electronic product or device that has a platform on which to download, install, or run any software program, code, script, or other content and with the capability to capture, access, or transmit Proprietary or other Confidential Information.
“Gruntwork Business” means all activities relating to Gruntwork’s technology, relationships, partnerships, financial affairs, and provision of DevOp services.
“Gruntwork-Provided Account” means any internet-based or other business account provided and controlled by Gruntwork.
“Proprietary Information” means all information of any kind (tangible and intangible, written and oral, and including information contained or transmitted through any electronic medium) owned by Gruntwork or licensed from third parties or that otherwise relates to Gruntwork’s actual or proposed business, which is not publicly available, including, without limitation, (i) research, development, technical data, trade secrets or know-how, drawings, engineering, hardware configuration information, products and product plans, services, marketing, selling and business plans, budgets, unpublished financial statements, licenses, prices, costs, contracts and other agreements, suppliers, customers, and customer lists, and other business information; (ii) information related to Gruntwork’s customers, including needs, preferences, terms, conditions, decision-maker and influencer identities, Gruntwork’s marketing strategies, and Gruntwork’s strategies as to individual customers, products, segments, and industries; (iii) identity, personal data, skills and compensation of employees, contractors, and consultants; (iv) specialized training; (v) information related to inventions owned by Gruntwork or licensed from third parties; and (vi) other non-public information relating to Gruntwork that is not readily ascertainable. Proprietary Information also includes compilations of information that relate to Gruntwork’s actual or proposed business and are not made public, even if underlying information or subsets of the underlying information are public. Proprietary Information may or may not be labeled or marked “proprietary” or “confidential.” In the event of a conflict or inconsistency with any provision or definition in any offer letter, employment contract, non-disclosure agreement, or proprietary invention and assignment agreement between you and Gruntwork, the terms of that agreement shall govern.
Gruntwork’s objectives for this Policy are the following: