2 minute read
DATA SECURITY AND PRIVACY
We believe our customers, partners, employees, and other stakeholders deserve to have their data handled in a safe, lawful, and ethical manner. SGC and its divisions comply with applicable data security and privacy laws, as well as with the data privacy policies of our company, divisions, and customers.
Our internal security team is supported by multiple third-party resources that assist in continually improving our security posture. In addition, we invest in current technologies, perform regular penetration testing, and follow industry best practices to protect against threats. To further support our approach, in 2022 we hired a dedicated specialist to address our information security and data privacy compliance on a full-time permanent basis.
Data privacy and security training, certification, and compliance are prioritized across our organization. We use a well-known third-party security training platform to conduct multiple employee training sessions throughout the year covering security and privacy topics related to best practices, awareness, prevention, and remediation.
DATA SECURITY
Our information security and data privacy teams follow industry best practices related to data security. We comply with applicable laws and regulations, including HIPAA, maintain appropriate industry certifications, and take a variety of steps to safeguard our information and technology assets. Practices include secure data encryption, regular system audits, and use of a tier-one securedaccess data center.
Our data security approach is overseen by our Corporate Governance, Nominating, and Ethics Committee, which reviews related topics quarterly and discusses with the full board of directors at least once a year. Our company leaders manage data security practices across the company and its divisions to foster conscientious, responsible data security practices at every level of our organization.
DATA PRIVACY
SGC’s data privacy policy details how we collect, use, disclose, and store data provided by individuals who interact with our websites, communicate with us, or use our products, services, or applications. This policy includes information on the security practices and controls we employ to maintain data confidentiality and integrity.
In addition to SGC’s overarching privacy policy, certain SGC divisions, including BAMKO, CID Resources/WonderWink, Fashion Seal Healthcare, and The Office Gurus (TOG), adhere to supplemental privacy policies specifically geared toward their businesses and industries.
DATA SECURITY CERTIFICATIONS FOR SGC AND COMPANY DIVISIONS INCLUDE:
• Payment Card Industry Data
Security Standard • SOC 2 (System and Organization
Controls 2) • CertiPro Scrum Master
