At PaperLite, we recognize the critical importance of the information we handle for our customers, stakeholders, and associates. We are dedicated to ensuring the security of this information throughout its lifecycle—whether it is being processed, stored, transmitted, or delivered. Our adherence to internationally recognized information security practices, including the ISO 27001:2013 standard, enhances customer trust and guarantees a secure operating environment.
The SaaS-based tool at PaperLite is governed by our Information Security Management System (ISMS) framework, which is independently assessed and verified. Our primary goal is to manage information security effectively, ensuring that both core and supporting SaaS-based operations are secure and experience minimal disruption.
Our ISMS framework encompasses the people, processes, and technology within our organization, safeguarding the confidentiality, integrity, availability authenticity, and non-repudiation of sensitive information. This robust system demonstrates PaperLite’s unwavering commitment to protecting customer data and maintaining a secure operational environment
At PaperLiteCA, we consider risks as the potential for a threat to exploit a vulnerability, resulting in damage to an asset and leading to various types of loss, such as financial, reputational, or other impacts. To manage these risks effectively, we advocate and follow a phased approach to risk assessment, supported by a robust methodology.
Our Security team continuously monitors and controls security for our SaaS-based tool and its operations to ensure that:
Regulatory and legislative requirements are met in accordance with ISO 27001/2 controls as well as national and international laws.
Appropriate access controls are maintained, protecting information against unauthorized access.
A business continuity management framework and business continuity plan are established to counteract interruptions to business activities and protect critical business processes from major failures or disasters.
Validation of physical and environmental security arrangements is adequate.
An ongoing compliance and monitoring mechanism is in place.
All breaches of information security, whether actual or suspected, are reported to and investigated by the relevant Managed Security Services team, recorded in an incident report, and reviewed by senior management.
Security Measures and Data Protection
We implement appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of data, including both accidental and intentional manipulation or loss by unauthorized parties. These measures include internal reviews of our data collection, storage, and processing practices, as well as robust security measures such as encryption and physical security to safeguard systems where personal data is stored. All information gathered on the SaaS based tool is securely stored within a controlled database. Access to the servers is password-protected and strictly limited.
Our security measures are regularly reviewed and updated to reflect technological advancements. While we take all reasonable steps to ensure that personal information is kept secure, please understand that no data transmission over the internet or any other public network can be guaranteed to be 100% secure.
We are committed to complying with applicable data protection laws to ensure the protection and preservation of user privacy and personal information. We have implemented physical, electronic, and procedural safeguards that adhere to the laws of relevant jurisdictions to protect user personal information. By accepting the terms of this policy, you agree that the standards and practices we implement are reasonable and sufficient for the protection of your personal information.
In the event of a breach affecting the security, confidentiality, or integrity of your unencrypted electronically stored personal information, we will notify you via email or another feasible method as soon as possible and without unreasonable delay, subject to the needs of law enforcement. We will also take all necessary measures to assess the scope of the breach and restore the integrity of our data systems.