Information Security
ACA Group Information Security Policies
As of March, 2021
ACA Group (“ACA”) has developed and implemented an Information Security Management Program (“ISMP”) to ensure that ACA has a robust information safeguarding program that addresses ACA’s information safeguarding obligations under applicable privacy and information safeguarding laws, as well as ACA’s contractual obligations.
Specifically, ACA’s ISMP is designed to:
- Maintain the security and confidentiality of certain information received by, stored at, sent out, or otherwise used by, ACA;
- Protect against anticipated threats or hazards to the security or integrity of such information; and
- Protect against unauthorized access to or use of such information in a manner that creates a substantial risk of identity theft or fraud.
All ACA employees and independent contractors are subject to the ISMP while performing services for ACA.
ACA’s General Counsel and ACA’s Chief Information Security Officer serve as the “ISMP Coordinators.” The ISMP Coordinators are responsible for maintaining and annually updating the ISMP and annually training ACA employees on information security.
The ISMP includes a number of information security policies and standards for the following areas:
- Acceptable use;
- AI Governance;
- Network and cloud security (encryption, firewalls, anti-virus protection, malware protections, etc.);
- Computer and mobile device security;
- Removable media security (USB flash drives, etc.);
- Physical security (locks/keys, clean desk policy, printers, visitor access, etc.);
- Secure software development;
- Secure transmission of information (mail, E-mail, SFTP, etc.);
- Secure destruction of sensitive information; and
- Security incident reporting.
In addition to ACA's ISMP, ACA maintains a variety of other policies and procedures to support its information safeguarding program, including, but not limited to, the following:
- Incident Response Plan
- Crisis Management Plan
- Disaster Recovery and Business Continuity Plan
- Global Privacy Policy