Privacy Policy

Surety Title Agency, Inc. maintains a written privacy and information security plan to protect Non-public Personal Information (NPI) as required by local, state and federal law.

Information is an asset which, like any other asset owned by or in possession of the Company, has significant value. Information security is a critical component to ensure the confidentiality, integrity and availability of information. This policy has been developed to establish the minimum requirements that are necessary to protect information assets against unauthorized access, modification or destruction for both physical and network security.

The Company maintains Clean Desk Policy to reduce the threat of a security incident to NPI.

The Company has established an Information Security Risk Assessment that ranks risks including locations, systems, and methods for storing, processing, transmitting, and disposing of NPI.

The Company provides management and training for Applicable Parties to help ensure compliance with the Information Security and Privacy Policy.

All information stored, handled or processed by the Company is protected by controls appropriate for the associated level of risk and impact.

The Company established an Acceptable Use of Information Technology Policy that describes acceptable use of Company assets and systems, including but not limited to use of Internet, email, and equipment. The Company has the right to monitor networks, computer systems, internet usage and email for Applicable Parties to confirm compliance with the Policy.

The Company established an Acceptable Use of Information Technology Policy that describes acceptable use of Company assets and systems, including but not limited to use of Internet, email, and equipment. The Company has the right to monitor networks, computer systems, internet usage and email for Applicable Parties to confirm compliance with the Policy.

The Company maintains a Record Retention and Disposal Schedule based on the classification of information (Public, Internal Use Only, NPI) and all legal and contractual requirements along with applicable industry standards. Data classified as Public is excluded from retention unless deemed necessary by management.

The Company takes reasonable steps to select and retain service providers that are capable of appropriately safeguarding NPI.

The Company monitors, investigates attacks/intrusions, and responds to Data Breach incidents.

A Business Continuity and Disaster Recovery plan is in place to protect critical business processes from effects of failures or disasters. This plan ensures secure methods to protect Company information and the timely resumption of business information systems.

Scope: The Policy pertains to all types of information resources, including:

(1) Hardcopy data printed or written on paper

(2) Data stored electronically

(3) Communications sent by mail, courier or transmitted electronically

(4) Removable Media including but not limited to information stored on tape, CD/DVD, video, and USB flash drive.

(5) Recorded audio