Privacy Policy

Privacy and Information Security Audit and Oversight Policy

Purpose

This document establishes the corporate policy and standards for audit and oversight of company activities to ensure information and data remains secure at Mississippi Title Group, LLC.

Policy

Privacy and information security procedures at Mississippi Title Group, LLC must be reviewed annually or as needed based on prevailing business conditions to prevent the improper use and/or disclosure of confidential information. Information security issues include, but are not limited to

  • Evaluating current risk assessment, management, and control activities
  • Addressing service provider arrangement concerns
  • Addressing known security breaches, violations, or other concerns
  • Analyzing summary results of security testing procedures
  • Providing recommendations for program modifications or enhancements

Risk Assessment

The Office Manager continually monitors and evaluates confidential corporate and customer data to account for business process changes, technology changes, emerging vulnerabilities and threats, and other relevant factors that may impact the security or integrity of this information. These assessments are designed to

  • Identify technical and business process vulnerabilities
  • Determine the effectiveness of existing company policies and procedures

Additionally, the Office Manager maintains a risk assessment system comprised of various anticipated risk factors, weighted with their forecasted probability, resulting in a calculated risk value for a variety of technology systems, business processes, and data sources. The risk assessment system is reviewed and updated on a quarterly basis.

Oversight

To ensure that due diligence is exercised in selecting Service Providers, the Office Manager verifies that

  • All agreements with third-party service providers

–    Are reviewed by legal counsel

–    Include provisions for safeguarding Mississippi Title Group, LLC company and customer information

  • All service provider contracts include a corporate confidentiality agreement
  • Service providers provide proof that they have met the requirements of the Gramm-Leach-Bliley privacy act, when appropriate
    Note: Acceptable forms of proof are service provider audit reports, Service Organization Control (SOC) reports, or compliance tests performed by Mississippi Title Group, LLC

Monitoring

Mississippi Title Group, LLC will monitor its systems and applications to reasonably ensure that safeguards are being followed and to quickly detect and correct breakdowns in security. An appropriate level of monitoring will be based on the potential impact and probability of the risks identified, as well as the sensitivity of the information provided. Monitoring will include

  • Sampling
  • Performing system checks
  • Reviewing system access reports
  • Reviewing logs
  • Conducting audits
  • Performing any other reasonable measures to adequately verify that information security controls, systems, and procedures are working

Auditing

Mississippi Title Group, LLC will periodically conduct audits of

  • Activity logs
  • Performance data
  • Unauthorized access
  • Viruses and other malicious code
  • Any other indicators of integrity loss

Mississippi Title Group, LLC and its third party contractors shall cooperate with and avail themselves of any central services providing support for and/or review of these activities as well as perform more sophisticated procedures such as penetration testing and real-time intrusion detection.

Network Probing

Because the loss of integrity of any device or server on a network provides a platform for launching attacks on the integrity of the entire network, the [Company Department] will periodically probe the Mississippi Title Group, LLC network and network servers for vulnerabilities using software tools designed for this purpose.

Violation of Policy

Failure to adhere to all requirements stipulated in this policy and all related documents may result in disciplinary actions, up to and including

  • Immediate removal of any applicable hardware/software/access to the Mississippi Title Group, LLC computer network or business systems
  • Formally reporting the incident to Mississippi Title Group, LLC senior management
  • Termination of employment
  • Any other action deemed necessary by Mississippi Title Group, LLC senior management

Review

Mississippi Title Group, LLC has voluntarily adopted this policy for its sole and exclusive use. This policy and all related documents will be reviewed annually or as needed based on prevailing business conditions.

Approved

George S. Haymans, IV

Revision History

Version Number Revised Date Effective Date Approved By Brief Change Summary