Information security is a holistic discipline, meaning that its application, or lack thereof, affects all facets of an organization or enterprise. The goal of the J-Tricks Information Security Program is to protect the Confidentiality, Integrity, and Availability of the data employed within the organization while providing value to the way we conduct business. Confidentiality, Integrity, and Availability are basic principles of information security, and can be defined as:
Confidentiality – Ensuring that information is accessible only to those entities that are authorized to have access, often enforced by the classic “need-to-know” principle.
Integrity – Protecting the accuracy and completeness of information and the methods that are used to process and manage it.
Availability – Ensuring that information assets (information, systems, facilities, networks, and computers) are accessible and usable when needed by an authorized entity.
J-Tricks has recognized that our business information is a critical asset and as such our ability to manage, control, and protect this asset will have a direct and significant impact on our future success.
The J-Tricks Information Security Program is built around the information contained within this policy and its supporting policies.
Purpose
The purpose of the J-Tricks Information Security Policy is to describe the actions and behaviors required to ensure that due care is taken to avoid inappropriate risks to J-Tricks, its business partners, and its stakeholders.
Audience
The J-Tricks Information Security Policy applies equally to any individual, entity, or process that interacts with any J-Tricks Information Resource.
Policy
J-Tricks maintains and communicates an Information Security Program consisting of topic-specific policies, standards, procedures and guidelines that:
Serve to protect the Confidentiality, Integrity, and Availability of the Information Resources maintained within the organization using administrative, physical and technical controls.
Provide value to the way we conduct business and support institutional objectives.
Comply with all regulatory and legal requirements, including:
HIPAA Security Rule,
State breach notification laws,
PCI Data Security Standard,
Information Security best practices, including ISO 27002 and NIST CSF,
Contractual agreements,
All other applicable federal and state laws or regulations.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.
The information security program is reviewed no less than annually or upon significant changes to the information security environment.
Waivers
Waivers from certain policy provisions may be sought following the J-Tricks Waiver Process.