Security Policy
I. Introduction
This Security Policy outlines the measures taken by Forge Strategy Partners to safeguard the data and information processed through our simulation platform. We are committed to maintaining robust security controls in alignment with the requirements of all applicable regulations, standards and commitments to our clients.
II. Scope
This policy applies to all employees, contractors, and third parties who interact with our simulation platform and have access to data processed therein.
III. Security Measures
A. Data Collection
Our simulation platform is designed not to collect personal information such as names or email addresses. We only process data that is essential for providing our services and ensuring the platform's functionality. In the event that we receive personal data, this policy applies.
B. Access Control
Access to data is strictly controlled and limited to authorized personnel.
Multi-factor authentication and strong password policies are enforced.
C. Encryption
All data transmissions are encrypted using industry-standard protocols.
Encryption keys are securely managed and regularly rotated.
D. Incident Response
We have established an Incident Response Plan to handle any security incidents or data breaches. See Addendum 1.
Notifications will be made in accordance with legal requirements and client commitments.
E. Regular Assessments
Regular security assessments and audits are conducted to ensure continuous compliance with this policy.
F. Vendor Management
Vendors and Sub-processors are required to adhere to equivalent security measures.
IV. Compliance
This policy aligns with the requirements laid out in applicable laws, including GDPR and CCPA.
V. Review and Updates
This policy will be regularly reviewed and updated to reflect changes in our practices or legal requirements.
Addendum: Incident Response Plan (IRP)
I. Introduction
This Incident Response Plan (IRP) establishes the guidelines and procedures for responding to security incidents or data breaches involving our simulation platform. It aims to minimize the impact and protect the interests of all stakeholders.
II. Scope
This plan applies to all employees, contractors, vendors, and third parties who may be involved in or affected by an incident related to our simulation platform.
III. Definitions
Incident: Any event that violates our Security Policy or poses a threat to the confidentiality, integrity, or availability of data.
Data Breach: A specific type of incident where unauthorized access, disclosure, alteration, or destruction of data occurs.
IV. Incident Response Team (IRT)
A dedicated Incident Response Team shall be formed, comprising:
Incident Response Manager: Coordinates the overall response.
Security Analyst: Assesses the technical aspects of the incident.
Legal Counsel: Provides legal guidance and ensures compliance with regulations.
Communications Lead: Manages internal and external communications.
V. Incident Response Process
A. Identification
Detect and acknowledge the incident.
Report the incident to the Incident Response Manager.
B. Assessment
Classify the severity and nature of the incident.
Determine the affected data and systems.
C. Containment
Implement short-term measures to contain the incident.
Develop long-term strategies to prevent recurrence.
D. Eradication
Identify and eliminate the root cause.
Clean and restore affected systems.
E. Recovery
Monitor systems to ensure stability.
Document lessons learned and update policies as needed.
F. Notification
Notify affected parties, including users and regulators, as required by law and the DPA.
Coordinate with law enforcement if necessary.
VI. Documentation and Reporting
Maintain detailed records of the incident, response actions, and decisions.
Prepare a formal report for management, regulators, and other stakeholders as needed.
VII. Review and Improvement
Conduct a post-incident review to evaluate the effectiveness of the response.
Update the IRP and related policies to enhance readiness for future incidents.
VIII. Training and Awareness
Regular training and drills will be conducted to ensure readiness.
Awareness programs will be implemented to foster a security-conscious culture.
IX. Acknowledgment and Agreement
By engaging with our simulation platform, all parties agree to comply with this IRP and cooperate fully in the event of an incident.