Legal

Information Security Policy and Procedures

This Information Security Policy describes the controls B2B Marketing Archives maintains to protect company and customer information assets. It applies to all employees, contractors and systems. Effective January 1, 2026.

Scope

Applies to all information assets owned, leased or otherwise controlled by the company, in any format and any location.

Roles and Responsibilities

The Information Security Officer owns the program and reports to the CEO.

All personnel are responsible for protecting information assets they access and reporting any suspected incident.

Acceptable Use

Company systems are provided for legitimate business purposes only.

Confidential information must not be transmitted over unencrypted channels or stored on personal devices.

Access Management

User accounts follow least-privilege principles and require multi-factor authentication for sensitive systems.

Privileged access is logged and reviewed quarterly.

Change and Configuration Management

All production changes follow a documented change-management process with peer review and rollback plan.

System configurations are hardened to industry baselines (CIS, NIST) where applicable.

Incident Response

We maintain a documented incident-response plan covering detection, containment, eradication, recovery and post-incident review.

Customers will be notified of incidents affecting their data within the timelines required by applicable law.

Training and Awareness

All personnel complete security-awareness training upon hire and annually thereafter.

Phishing-simulation exercises are conducted quarterly.

Contact

Security questions can be directed to info@b2bmarketingarchives.com.

Need to talk to our compliance team?