Information Security Policy and Guidelines for Suppliers
Semantix’s Information Security Policy and Guidelines apply to all forms of information including:
- speech, spoken face to face, or communicated by phone or radio;
- hard copy data printed or written on paper;
- information stored in manual filing systems;
- communications sent by post / courier, fax, electronic mail, social media;
- information stored and processed via servers, PCs, laptops, mobile phones, PDAs;
- information stored on any type of removable media, CDs, DVDs, tape, USB memory sticks, digital cameras.
Devices and discs
Devices used for processing data from Semantix
- must be kept in a locked area if not used;
- must be protected with automatic lock with a maximum unlock time of 5 minutes;
- must never be left unattended in public areas;
- must only be accessed by authorised personnel.
All discs processing data from Semantix should be encrypted.
It is the duty of the Supplier to ensure that the IT equipment used to perform assignments is equipped with updated anti-virus protection and protection against breaches of the IT systems, such as a firewall or the equivalent.
It is the duty of the Supplier to ensure that devices used for Semantix assignments are password protected. Furthermore, passwords must be changed at least once every 6 months.
- Minimum length: 8 characters
- Must contain characters from at least three of the following categories:
- English upper case
- English lower case
- Numbers (0 through 9)
- Non-alphabetical characters e.g. #, %, $.
- Choose a password that is easy for you to remember, but impossible for others to guess.
- Do not use words that are commonly used or somehow connected to you.
- Do not share your password with others.
- Do not write down your password.
- Do not use the same password on your devices as you use for other Internet services.
- If your password has been revealed to someone else, change it immediately.
Public machine translation and file-sharing freeware
Due to confidentiality issues, the Supplier may not use public machine translation (e.g. Google Translate) or file-sharing freeware (e.g. WeTransfer and Dropbox) in connection with assignments from Semantix.
Please check with a Semantix Project Manager before initiating any transfer.
Public computers and internet connections
The Supplier may not use public computers (e.g. at internet cafés, libraries or similar) in connection with assignments from Semantix or access our sites (i.e. Dashboard, Sesam etc.) from public internet connections (e.g. airports, cafés, restaurants etc.).
The Supplier may not print Semantix customer documents neither on personal nor public printers, unless agreed with Semantix. Customer documents are per definition confidential.
Specific customer instructions in regards to destruction of data and printed material must always be observed.
Semantix sensitive and confidential matters, be they customer or supplier related (e.g. pricing), must not be discussed with third parties (neither spoken nor written).
It is the duty of the Supplier to keep updated on security related happenings, e.g. global virus spreads, and to apply healthy suspicion with regard to the reliability of websites and email messages.
- Do not open email messages if you are uncertain about their origin.
- Do not click on any links or open any attachments in email messages from unknown senders.
- Be cautious about pop‐up windows, advertisements and invitations.
The Supplier agrees to report to Semantix IT Service desk if the Supplier suspects that there may have been a security breach or system abuse on the Supplier’s computer and/or other devices.
If in doubt regarding the security level of your devices, please contact Semantix prior to data processing.