Data Governance

The Records Control Procedure establishes the rules to be followed in order to maintain control of the identification, storage, protection, retrieval, retention time and disposition of records inside the Company.

The Records Management Policy outlines the principles and minimum standards for Record creation, classification, retention and destruction within the Company and its subsidiaries, affiliates, branches and representative offices.

The objectives of the Review, Retention and Supervision of Electronic Communications Policy are to set forth the Company’s restrictions and requirements regarding electronic communications, including but not limited to e-mail,…

The objective of the Secure Operation and Compliance Standard is to ensure that the Company adheres to the highest standards of information security. It is committed to upholding client confidentiality…

The Security Incident Management Standard sets the minimum requirements for security incident management in support of the IT Risk Policy for Information Security, including requirements for analyzing, handling and reporting…

The Security Incident Procedure provides a method for investigation of security incidents. The objective of this procedure is to provide clarity and consistency to the process of conducting Security investigations…

The objective of this policy is to reminds personnel of their responsibilities with respect to electronic communications, and specifically to social media.

The Use of Electronic Communications Policy sets out the principles and procedures applicable to electronic communications, including email, instant messaging, digital faxing and other electronic communication services, of Company personnel.

This standard documents the security requirements for Wireless solutions within the Company.