Security Policy
Effective Date: November 25, 2025
At Sims-Lohman, we are committed to protecting the integrity, confidentiality, and availability of our information systems and the data of our customers, partners, and employees. This Security Policy outlines the key principles we follow:
1. Access Control
– Access to Sims-Lohman systems is granted on a least-privilege basis (users receive only the permissions they need).
– Strong authentication (unique user IDs and secure passwords) is required for all systems.
– Accounts are reviewed periodically, and inactive or unnecessary accounts are deactivated promptly.
2. Data Protection
– We classify our data and handle it according to sensitivity; encryption is applied where feasible.
– Backup and recovery processes safeguard critical data.
– Data retention and disposal meet legal and business requirements.
3. Network and System Security
– Network infrastructure is configured to protect against unauthorized access.
– Systems are patched regularly and scanned for vulnerabilities.
– Critical systems are segmented to limit impact in the event of a breach.
4. Security Monitoring and Incident Response
– Security events are logged and monitored; suspicious activity is investigated promptly.
– A documented Incident Response Plan guides our response to incidents.
– When legally required, affected parties and regulators will be notified following a breach.
5. Physical and Environmental Security
– Access to facilities housing critical systems is restricted and monitored.
– Environmental protections ensure system stability.
6. Third-Party and Vendor Management
– Vendors are evaluated for security practices and required to meet our standards.
– Contracts include data protection, confidentiality, and incident reporting requirements.
7. Training and Awareness
– Employees receive regular security awareness training.
– We encourage prompt reporting of potential vulnerabilities or incidents.
8. Continuous Improvement
– Security controls are reviewed and updated regularly.
– Periodic audits and assessments help validate security effectiveness.
Scope
This policy applies to all individuals, systems, processes, and assets operated or controlled by Sims-Lohman.
Review Cycle
This Security Policy will be reviewed annually or after major operational, technological, or regulatory changes.

