Summary
This document is an Information Security Program Summary that outlines the security measures implemented by Built to protect Confidential Data, Participant Data, and Client Data. It details the administrative, physical, and technical safeguards in place to prevent unauthorized access and ensure compliance with industry standards. The program adheres to recognized security frameworks such as CIS Top 20, ISO27001, and NIST. Key components include data disposal protocols, access controls, encryption standards, and incident management procedures. Built reviews its InfoSec Program annually to align with legal requirements and best practices. The summary also describes specific security protocols, including encryption processes for data in transit and at rest, physical security measures utilizing AWS, and strict identity access management policies. Employee access to Protected Data is regulated through background checks and confidentiality agreements. Additionally, the document addresses data backup procedures and the response plan in the event of a data breach, ensuring prompt notification and cooperation with affected clients.
