Confidentiality
Access is granted on a need-to-know basis through authentication, segregation of duties, and periodic access reviews.
This policy defines the principles, responsibilities, and controls Tenebit uses to protect the confidentiality, integrity, and availability of information, aligned with ISO/IEC 27001 guidelines and practical operational governance.
Talk to our teamThis policy applies to information processed by Tenebit, the technology assets supporting its operations, its employees, contractors, and third parties involved in service delivery. Its purpose is to define consistent criteria to prevent incidents, reduce exposure, and respond in a timely manner when an event or suspected event affects information security.
Access is granted on a need-to-know basis through authentication, segregation of duties, and periodic access reviews.
Data, configurations, and logs must remain complete, accurate, and protected from unauthorized modification or operational error.
Critical processes and supporting information must be backed by reasonable continuity, backup, monitoring, and recovery measures.
Tenebit maintains administrative, physical, and technical controls proportionate to the level of risk in its operation. This includes access reviews, vulnerability handling, environment protection, backup practices, change control, event logging, supplier assessment, and incident response protocols.
Leadership reviews the effectiveness of this security model periodically and promotes decisions aimed at reducing risk, sustaining continuity, and reinforcing trust with clients, partners, and internal teams.
This policy is implemented through governance and operational controls covering the information lifecycle, system access, acceptable use of assets, and event response practices.
Security is managed through defined roles, approval criteria, risk review, and periodic follow-up of findings, incidents, and improvement actions.
Access is provisioned, changed, and revoked in a controlled way. Strong authentication, least privilege, and traceability for relevant activity are encouraged.
Critical assets should be identified, inventoried, and protected through secure configuration, segmentation, monitoring, and environment hardening where appropriate.
Relevant changes are executed under control, with impact review and fallback planning. Weaknesses are prioritized and addressed according to criticality and exposure.
Critical processes are supported by backup and recovery mechanisms to reduce the impact of failures, outages, or security incidents.
Third parties involved in service delivery are evaluated according to the services they provide, the access they receive, and the risk they pose to information.
Every employee or authorized third party is expected to report events, anomalies, or incidents that could compromise information security. Tenebit evaluates, classifies, contains, documents, and follows up on incidents based on impact, with the goal of restoring service and reducing recurrence.
This policy is reviewed periodically or whenever relevant changes occur in operations, technology, regulatory context, or the organization's risk profile.
We can walk you through the operational approach we use to manage access, continuity, monitoring, and response across our services.
Talk to Tenebit