Information Security & Privacy Policy

This Information Security and Privacy Policy outlines the commitment of Broadband System Corporation (BSC) to maintaining the highest standards of information security and privacy in line with the requirements of the Information Security and Privacy Management System standards. BSC recognizes the importance of safeguarding information assets and respecting individuals' privacy rights. This policy serves as a framework for establishing, implementing, maintaining, and continually improving our information security and privacy practices. This policy applies to all information assets, systems, processes, personnel, and third parties that access, process, or store information on behalf of BSC.

Policy Statements

Information Security

  • Information Classification: BSC classifies information into categories such as Confidential, Internal Use, and Public. The classification level determines the appropriate handling, access controls, and encryption measures.
  • Access Control: Access to information is granted based on the principle of least privilege. Users are granted access only to the information necessary for their roles. Access control mechanisms, including strong authentication, are implemented and regularly reviewed.
  • Risk Management: Regular risk assessments are conducted to identify, assess, and mitigate potential threats and vulnerabilities. Appropriate controls are implemented to manage identified risks.
  • Security Awareness and Training: BSC provides ongoing security awareness and training to all personnel, contractors, and third parties to ensure they understand their responsibilities and are equipped to make informed security decisions.
  • Incident Management: An incident response plan is in place to effectively manage and respond to security incidents. Incidents are reported, investigated, and appropriate measures are taken to prevent future occurrences.

Privacy

  • Data Protection: BSC complies with all relevant data protection laws and regulations. Personal data is collected, processed, and stored lawfully and transparently. Data subjects' rights are respected.
  • Consent: When required, BSC obtains explicit and informed consent from data subjects before collecting or processing their personal data.
  • Data Minimization: Personal data is collected and processed only for specific and legitimate purposes. Data collection is limited to what is necessary for the intended purpose.
  • Data Security: Appropriate technical and organizational measures are in place to protect personal data from unauthorized access, disclosure, alteration, or destruction.
  • Data Transfer: Before transferring personal data to third parties or across borders, adequate safeguards are implemented to ensure the security and privacy of the data.

BSC is committed to complying with the requirements outlined in this policy and any applicable laws, regulations, and standards. The policy is regularly reviewed to ensure its effectiveness and relevance in addressing the changing landscape of information security and privacy.

All employees, contractors, and third parties are expected to comply with this policy. Non-compliance may result in disciplinary action.

This Information Security and Privacy Policy reflects BSC's commitment to maintaining the confidentiality, integrity, and availability of information assets while respecting individuals' privacy rights. By adhering to the principles and practices outlined in this policy, BSC aims to build and maintain trust with its stakeholders.

For more info send us an Email to security@bsc.rw

Date of Policy: 21/08/2023

Signed by: Christian Muhirwa Chief Executive Officer

Kn5 Airport Road, BSC
Building, Kisimenti – Gasabo
P.O Box 7229, Kigali-Rwanda
Toll Free 4141
customerservice@bsc.rw