Information Security Policy
Last updated: March 2026
1. Purpose and Scope
This Information Security Policy establishes the framework for protecting SupportHub's information assets, customer data, and technology infrastructure. The policy defines security standards, responsibilities, and procedures to ensure the confidentiality, integrity, and availability of all information systems.
Scope: This policy applies to all employees, contractors, consultants, temporary workers, and third parties who access SupportHub systems, networks, or data, regardless of location or device ownership.
2. Roles and Responsibilities
Information security is a shared responsibility across the organization:
2.1 Security Officer
2.2 All Personnel
3. Data Classification
SupportHub classifies data into three categories to determine appropriate security controls:
3.1 Public Data
Information intended for public disclosure or already publicly available.
Examples:
Controls: No special handling required, but integrity must be maintained.
3.2 Confidential Data
Internal business information that could harm the company if disclosed.
Examples:
Controls: Access restricted to employees with business need; encrypted in transit; secure storage required.
3.3 Highly Confidential Data
Sensitive information that could cause significant harm if disclosed, including all customer data.
Examples:
Controls: Strict access controls with MFA required; encrypted at rest and in transit; audit logging enabled; regular access reviews; secure deletion procedures.
4. System Architecture and Trust Boundaries
SupportHub operates a cloud-native architecture entirely within the Microsoft Azure ecosystem. This section describes the system components, trust boundaries, and data flows.
4.1 System Components
4.2 Trust Boundaries
Trust boundaries define where data crosses from untrusted to trusted zones. SupportHub enforces security controls at the following boundaries:
5. Access Control and Authentication
SupportHub implements strong access controls to protect systems and data:
5.1 Authentication Requirements
5.2 Access Control Principles
5.3 Password Policy
6. Data Protection and Encryption
SupportHub implements comprehensive encryption to protect data throughout its lifecycle:
6.1 Encryption Standards
6.2 Infrastructure Security
6.3 AI Model Data Protection
Customer data used with AI models receives special protection:
7. Email and Communications Security
7.1 Email Usage Policy
8. Network and Wireless Security
8.1 Wireless Network Security
9. Security Incident Response
SupportHub maintains a comprehensive Incident Response Policy to handle security events effectively.
For detailed incident response procedures, severity classifications, and response times, please refer to our Incident Response Policy.
10. Business Continuity and Disaster Recovery
SupportHub maintains business continuity and disaster recovery capabilities to ensure service availability:
10.1 Data Backup and Recovery
11. Employee Responsibilities
All SupportHub personnel must adhere to the following security practices:
12. Policy Compliance and Enforcement
12.1 Compliance Monitoring
13. Policy Review and Updates
This Information Security Policy is reviewed and updated at least annually, or more frequently in response to significant security incidents, regulatory changes, or business needs. All personnel will be notified of material changes and required to acknowledge updated policies.
14. Questions and Contact Information
For questions about this Information Security Policy or to report security concerns:
Security Officer: Tamas Szilagyi
Email: [email protected]
TeleCetli Kft.
7634 Pecs, Darazs dulo 70., Hungary