Products

Overview of our Cloud Suite Services offering ID management solutions including digital ID, managed enrollment, secure connectivity, and access

Learn more

ID Card Printing, Design, Inline Encoding, Network Printing

Learn more

Professional Food Labels, Nutritional Templates, Allergen Clip-Art

Learn more

Manage and Pre-Register Visitors, Create Events, Evacuation Reports

Learn more

Magicard Printing, Design, Inline Encoding, Network Printing

Learn more
Support
Services
Blog
Company

Welcome at CardExchange®

CardExchange

Who We Are

Once Upon a Time

Contact Us

Careers

Working for Us

Resources

Our Services

News and Events

Our Blog

Coming Up

Partners

----> Partner Login

Legal

Legal Topics

WELCOME TO

CARDEXCHANGE®
LEGAL

OUR SECURITY POLICY

Main

EULA

Terms of License

Cloud

Security Policy

Rev v1.0, June 01, 2021

1. Introduction

CardExchange, Inc., which provides desktop ID card and visitor management software and SaaS based credential management solutions, is committed to preserving the confidentiality, integrity and availability of all assets, including personally identifiable information (PII), in scope of the information security management system (ISMS) in order to maintain its legal, regulatory and contractual compliance and commercial image. CardExchange Inc is committed to ensuring compliance with all applicable legislative, regulatory and contract requirements, including all applicable PII protection legislation. To achieve this, CardExchange Inc has implemented an ISMS in accordance with the international standard ISO/IEC 27001:2013. The ISMS is subject to continual, systematic review and improvement.

2. Policy Objectives

Information is made available to all authorized parties with minimal disruption to the business processes.
Information security and privacy risks are managed.
The integrity of this information is maintained.
Confidentiality of information is preserved.
Regulatory, legislative and other applicable requirements related to information security are met.
Appropriate information security and privacy objectives are defined and measured.
Appropriate business continuity arrangements are in place to counteract interruptions to business activities and these take account of information security.
Appropriate information security and privacy education, awareness and training is available to staff and relevant others, e.g. suppliers, working on behalf of CardExchange Inc.
Breaches of information security or privacy and security incidents, actual or suspected, are reported and investigated through appropriate processes.
Appropriate access control is maintained and information is protected against unauthorized access.
Continual improvement of the ISMS is made as and when appropriate.
Commitment to achieving, supporting and managing compliance with all applicable PII legislation, including the contractual terms agreed between CardExchange Inc and its clients.

3. Roles and responsibilities

The Chief Technology Officer (CTO) is accountable for the management and maintenance of the risk treatment plan. Additional risk assessments may, where necessary, be carried out to determine appropriate controls for specific risks. All employees and those working under the scope of the ISMS are expected to comply with this policy and with the ISMS that implements this policy. CardExchange Inc has established a Management Team (InfoSec) chaired by the Chief Operating Officer (COO) to support the ISMS framework and to periodically review the Information Security Policy.

Document owner and approval

The Chief Technology Officer (CTO) is the owner of this document and is responsible for ensuring that it is reviewed in line with the review requirements of the management system. For more information please email This email address is being protected from spambots. You need JavaScript enabled to view it.