Security Policy

The Viviscent Wellness Foundation (“VWF”) is committed to protecting the confidentiality, integrity, and availability of all organizational data, systems, and digital assets. This Security Policy outlines the safeguards, responsibilities, and procedures that ensure secure operations across the organization.

1. Purpose

This Policy establishes the security standards required to:

• Protect sensitive and confidential information
• Prevent unauthorized access to systems and data
• Ensure compliance with legal and regulatory requirements
• Maintain operational continuity and system integrity

2. Scope

This Policy applies to all employees, volunteers, contractors, partners, and any individual who accesses VWF systems, data, or digital resources.

3. Data Protection Standards

VWF implements administrative, technical, and physical safeguards to protect data, including:

• Encryption of sensitive data in transit and at rest
• Secure storage of physical documents
• Access controls based on role and necessity
• Regular backups of critical systems and data

4. Access Control

Access to systems and data is granted based on the principle of least privilege. Requirements include:

• Unique user accounts for all system access
• Strong password requirements
• Multi‑factor authentication where applicable
• Immediate revocation of access upon role change or separation

5. System Security

VWF maintains secure systems through:

• Regular software updates and patching
• Firewall and intrusion‑prevention systems
• Malware protection and monitoring
• Secure configuration of servers and applications

6. Incident Response

All suspected or confirmed security incidents must be reported immediately. VWF will:

• Investigate incidents promptly
• Contain and mitigate risks
• Document findings and corrective actions
• Notify affected parties when required by law

7. Training and Awareness

All personnel must complete periodic security training to ensure awareness of:

• Data protection responsibilities
• Recognizing phishing and social engineering threats
• Proper handling of sensitive information

8. Third‑Party Security

Vendors, contractors, and partners with access to VWF systems or data must adhere to equivalent security standards and may be required to sign security or confidentiality agreements.

9. Policy Violations

Violations of this Policy may result in disciplinary action, termination of access, removal from programs, or legal action where appropriate.

10. Policy Review

This Policy will be reviewed periodically and updated as necessary to reflect evolving security requirements and best practices.

Contact Us

For questions regarding this Security Policy, please contact:

Email: compliance@viviscentwellnessfoundation.org
Phone: 205‑460‑5305