BAI Projects Pty Ltd (ACN 670 634 161) and BAI Teams, Inc. (a Delaware C Corporation) ("we," "us," or "our") are committed to maintaining the highest standards of information security. This document outlines our Information Security Standards, which apply to all employees, contractors, and third parties who have access to our information assets.
1. Purpose
The purpose of these Information Security Standards is to:
Protect the confidentiality, integrity, and availability of information assets.
Ensure compliance with applicable laws and regulations in both Australia and the United States.
Establish a framework for identifying, assessing, and managing information security risks.
2. Scope
These standards apply to all information assets owned, leased, or otherwise in the custody of BAI Projects Pty Ltd and BAI Teams, Inc., including but not limited to:
Electronic data
Physical documents
Information systems and networks
Intellectual property
3. Data Classification
Information assets are classified into the following categories:
Public: Information intended for public dissemination.
Internal: Information intended for internal use within the organization.
Confidential: Sensitive information that, if disclosed, could harm the organization or its clients.
Restricted: Highly sensitive information requiring strict access controls.
4. Access Control
Access to information assets is granted based on the principle of least privilege and need-to-know. Access controls include:
User authentication and authorization mechanisms.
Regular review of access rights.
Immediate revocation of access upon termination or role change.
5. Incident Response
We have established an Incident Response Plan to address information security incidents promptly and effectively. The plan includes:
Procedures for detecting, reporting, and assessing incidents.
Defined roles and responsibilities for incident response.
Communication protocols during and after an incident.
Post-incident analysis and remediation steps.
6. Physical Security
Physical access to information assets is controlled through:
Secure facilities with access controls.
Visitor management procedures.
Protection of equipment from environmental hazards.
7. Network Security
We implement network security measures to protect against unauthorized access, including:
Firewalls and intrusion detection/prevention systems.
Secure configuration of network devices.
Regular network vulnerability assessments.
8. Data Encryption
Sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols to prevent unauthorized disclosure.
9. Employee Training
All employees and contractors receive regular training on information security policies, procedures, and best practices to ensure awareness and compliance.
10. Compliance
We comply with all applicable information security laws and regulations, including but not limited to:
Australia: Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs).
United States: Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and state-specific regulations such as the California Consumer Privacy Act (CCPA).
11. Monitoring and Review
We continuously monitor our information security posture and review these standards periodically to ensure their effectiveness and relevance. Updates are made as necessary to address emerging threats and changes in regulatory requirements.
12. Contact Information
For questions or concerns regarding these Information Security Standards, please contact us at:
BAI PROJECTS PTY LTD (BAI AUSTRALIA): Level 38, 71 Eagle Street
BAI TEAMS, INC: 2261 Market Street
LEGALINC CORPORATE SERVICES INC. (REGISTERED AGENT): 131 Continental Dr Suite 305, Newark, DE 19713
