.

Information Security Commitment

Adastra’s Commitment to Information Security

Information security (IS) is one of Adastra's top organizational priorities. Having proper safeguards in place for processes and tools and reliable infrastructure ensures we maintain high client confidence in our ability to deliver outstanding quality services and protect client information.

The following information security principles provide governance for the Adastra Canada Information Security Management System:

  • Confidentiality: All information assets (IA) can be seen/accessed only by people who are authorized to access them.
  • Integrity: Changes to IA are only allowed by authorized users and all changes are tracked.
  • Availability: IA are accessible when the authorized users need them.

In order to have the above three IS principles applied to all Adastra Canada activities, the company maintains:

  • Balanced protection: The level of protection of the IA are based on the classification of their criticality and confidentiality.
  • Independent protection for the most critical IA: Several protection mechanisms are implemented, e.g., multifactor authentication plus encryption and access locking when idle. This way, we minimize the risk of unauthorized access or modification of the IA.
  • An emergency plan in the case of failure: To minimize the actual consequences when a failure occurs, different strategies, e.g., business continuity planning and backup and recovery, are applied to the most critical company assets and processes.
  • Segregation of duties: The people who request access to the information assets are not the people who authorize the access.
  • Minimum privileges for everyone needed to carry out their responsibilities. Changes in the assigned privileges are done only according to changes in the responsibilities.

The Adastra Canada Management Team is committed to ensuring that:

  1. Adequate security controls are in place to protect information and data processed in all company activities, including, but not limited to:

  • Marketing and business development;
  • Account management and project delivery;
  • Human resources and talent management;
  • Finance, accounting, and administration; and
  • IT and infrastructure.

  1. All these controls are properly monitored, reviewed for operational effectiveness, and continually improved to maintain the highest possible protection of all available company and client information assets.

The Adastra Management Team