2. Data classification and management

Effective data classification and management are critical to ensuring the security and privacy of sensitive information. VISKO HR employs automated processes and robust privacy controls to manage data efficiently and securely.

Data Segregation

• Automated Processes: We have implemented sophisScated algorithms and machine learning models to automaScally categorize data into appropriate classificaSons, such as internships and jobs. This ensures that data is organized systemaScally, reducing the risk of misclassificaSon and unauthorized access.

• System Efficiency: The systems that we have employed for segregaSon of data are efficient. Automated data segregaSon enhances the efficiency of the system by ensuring that recruiters and job seekers can easily find relevant informaSon. This reduces manual errors and streamlines the user experience.

• Security Controls: Each category of data has specific security controls tailored to its sensiSvity and usage. For example, job-related data may have different access restricSons compared to internship-related data, ensuring that each type of informaSon is protected according to its risk profile.

Data Privacy

• User Control: Provide users with granular control over their personal informaSon. This includes the ability to update, modify, or delete their personal data as needed. Users can choose to hide their mobile numbers to protect their privacy.

• Privacy SeKngs: Our soTware ensures that privacy se\ngs are easily accessible and configurable within the applicaSon. We inform users about the implicaSons of their privacy choices, especially regarding the visibility of their contact informaSon.

• Data AnonymizaNon: We have also implemented data anonymizaSon techniques where possible to protect user idenSSes, especially in cases where data is used for analyScal purposes. This reduces the risk of personal data being exposed or misused.

3. Sharing your information

Robust user authentication and access control mechanisms are essential to protect the integrity and confidentiality of Remark’s information systems.

User Registration

• License Agreement: Requires all users to read and agree to a comprehensive license agreement before they can register on Remark’s mobile and web applicaSons. The agreement outlines the terms of service, privacy policies, and user responsibiliSes.

• Verification: We have also implemented verificaSon processes to ensure that users provide accurate and valid informaSon during registraSon. This may include email verificaSon, phone number verificaSon, and CAPTCHA to prevent automated sign-ups.

Access Control

• Role-Based Access Control (RBAC): We have also implemented RBAC to ensure that users only have access to the data and funcSonaliSes necessary for their roles. This minimizes the risk of unauthorized access and potenSal data breaches.

• Access Levels: Our soTware defines different access levels for various user roles, such as recruiters, job seekers, AI developers, and administrators. Regularly review and update access permissions to reflect changes in roles and responsibiliSes.

• Audit Trails: We also maintain detailed audit trails of access and acSons performed within the system. This helps in monitoring user acSviSes and detecSng any unauthorized access or suspicious behavior.

4. User authentication and access control

Remark leverages AI to enhance its services, from acting as a freelancer to assisting in job description creation. We understand that ensuring the secure integration and management of AI systems is crucial.

Freelance AI Integration

• Secure Integration: We have implemented secure protocols for integrating AI systems that act as freelancers. This includes ensuring that AI models are securely trained and deployed, with regular security assessments to identify and mitigate vulnerabilities.

Regular Updates: We keep our AI systems updated with the latest security patches and improvements. Regularly retrain AI models to improve accuracy and adapt to new threats.

Monitoring and Evalua on: We also con nuously monitor the performance and behaviour of AI systems to detect any anomalies or unauthorized activities. Establish clear metrics for evaluating AI effectiveness and security.

AI Job Description Creation

• Data Integrity: We ensure that the AI func onali es used for creating job descrip ons maintain the integrity and accuracy of the data. This includes validating the AI generated content to ensure it meets quality and compliance standards.

• Privacy Protection: We have also implemented measures to protect the privacy of users whose data may be used by the AI. This includes anonymizing personal information and ensuring that AI operations comply with data protection regulati ons.

• Ethical AI Use: We have also implemented data anonymizaSon techniques where possible to protect user idenSSes, especially in cases where data is used for analyScal purposes. This reduces the risk of personal data being exposed or misused.

5. AI intregation and management

• Reporting Mechanism: We have established a clear and accessible process for users, employees, and contractors to report security incidents. This could include an online form, a dedicated email address, or a hotline.

• Types of Incidents: We have defined the types of incidents that must be reported, such as data breaches, unauthorized access, malware infections, system outages, and misuse of the platform.

•Immediate Action: We encourage prompt repor ng of incidents to ensure a quick response. Provide guidelines on the information to be included in the report, such as the nature of the incident, affected systems, and any immediate ac ons taken.

Incident Response Team

•Forma on and Roles: We have formed a dedicated Incident Response Team (IRT) comprising members from IT, security, legal, and communica ons departments.

• Response Plan: We have developed an incident response plan that outlines the steps to be taken in the event of a security incident. This plan includes procedures for incident identification, containment, eradica on, recovery, and post-incident analysis.

•Communication: : We have established a communica on protocol to ensure mely and accurate informa on sharing within the IRT and with affected stakeholders. This includes no fying affected users, management, and regulatory bodies as required.

•Training and Drills: At VISKO HR, we also conduct regular training and incident response drills to ensure the IRT is prepared to handle various types of incidents effectively. Review and update the incident response plan based on lessons learned from drills and actual incidents.

6. Incident response and management

Ensuring that the content posted on Remark's platform adheres to community standards and legal requirements is essential for maintaining a safe and respectful environment for all users.

Content Moderation

• Automated Monitoring: We have implemented sophisScated algorithms and machine learning models to automaScally categorize data into appropriate classificaSons, such as internships and jobs. This ensures that data is organized systemaScally, reducing the risk of misclassificaSon and unauthorized access.

• Manual Review: T Our software also compliments automated monitoring with manual reviews by trained moderators to handle complex cases and appeals. Manual modera on ensures that nuanced decisions are made fairly and consistently.

• Repoting Mechanism: Our software also provides users with an easy way to report inappropriate content. We review these reports promptly and take appropriate ac on based on the findings.

User Warnings and Blocking

• Warning System: We have implemented a system for issuing warnings to users who post inappropriate content. The first viola on results in a warning, clearly explaining the nature of the violation and the consequences of further misconduct.

• Escalation Process: If a user continues to post vulgar or obscene material atier receiving a warning, VISKO HR has the authority to block the user. This process is documented and includes criteria for escalating warnings to account blocking.

• Transparency: Our soware ensures transparency in the content modera on process by informing users of the reasons for any warnings or account blocks. Provide an appeal mechanism for users who believe their content was wrongly flagged or their account was unjustly blocked.

7. Content monitoring and user conduct

Protecting user data is a top priority for us at Remark. Implementing robust data protection measures ensures that sensitive information is safeguarded against unauthorized access and breaches.

Data Encryption

• Encrytion at Rest: We use strong encryption algorithms to protect sensitive data stored on Remark’s servers. This ensures that even if the data is accessed by unauthorized par es, it remains unreadable and secure.

• Encryption in Transit: We also encrypt data transmited between users and Remark’s servers using protocols such as TLS (Transport Layer Security). This protects data from being intercepted or tampered with during transmission.

•Key Management: We have also implemented a secure key management system to handle encryption keys. We ensure that keys are stored securely and access is restricted to authorized personnel only.

Privacy Controls

•User Privacy Settings: Our software allows users to manage their privacy se ngs through an intui ve interface. We understand that users should have control over what personal information is visible to others, including the option to hide their mobile numbers.

• Privacy by Design: We have also integrated privacy considerations into the design and development of Remark’s systems and services. This includes minimizing data collection, using data anonymization techniques, and ensuring that user data is handled in compliance with data protection laws.

•Liability Disclaimer: We clearly state in our privacy policy that Remark is not liable for any misuse of mobile numbers if users choose not to hide them. We also educate users on the poten al risks of sharing personal informati on publicly and encourage them to use available privacy controls.

8. Data protection and privacy

Ensuring compliance with legal and regulatory requirements is critical for Remark to maintain its reputation and avoid legal penalties. This involves adhering to various laws and regulations that govern data protection, privacy, and the use of technology.

Regulatory Compliance

• Data Protection Laws: WAtch Remark, we ensure compliance with data protection laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant local and international regulations. This includes implementing measures to protect personal data, ensuring lawful data processing, and providing users with rights over their data.

•Privacy Regulations: T Our soware also compliments automated monitoring with manual reviews by trained moderators to handle complex cases and appeals. Manual moderation ensures that nuanced decisions are made fairly and consistently.

• Industry Standards: We follow industry standards and best practices for information security, such as ISO/IEC 27001 and NIST Cybersecurity Framework. This helps ensuring that Remark's security measures are aligned with globally recognized benchmarks.

Regulatory Compliance

• User Responsibilities: The use of our software requires all users to agree to a comprehensive license agreement before accessing Remark’s services. The agreement outlines the users' responsibilities, including complying with the platform's rules, protecting their account credentials, and respecting the rights of other users.

•Company Liabilities: We have clearly defined VISKO HR’s liabilities and disclaimers in the license agreement. This includes limitations on the company’s liability for data breaches, misuse of the platform, and third-party actions

• Periodic Updates: Regularly review and update the license agreement to reflect changes in laws, regulations, and company policies. Notify users of any significant changes to the agreement and obtain their consent where necessary.

9. Compliance and legal-requirements

We understand that ongoing training and awareness programs are essential to ensure that employees, contractors, and users understand their roles and responsibilities in maintaining security and privacy.

Security Training

• Employee Training: We aim to provide regular security training for all employees and contractors. This training covers topics such as recognizing phishing a acks, secure password prac ces, data protection principles, and incident reporting procedures.

•Specialized Training: We also offer specialized training for roles that handle sensitive data or have elevated access privileges. This includes training on secure coding practices for developers, data handling protocols for data analysts, and compliance requirements for legal and compliance teams.

•Continuous Learning: We encourage a culture of continuous learning by providing access to resources such as webinars, online courses, and security bulletins. We tend to stay updated on the latest security threats and trends to ensure the training content remains relevant and effective.

User Education

•Privacy Best Practices: We also educate users on best prac ces for maintaining their privacy and security while using Remark’s services. This includes advising users to be cautious about sharing personal information.

• Security Awareness: We provide users with information on how to recognize and avoid common security threats, such as phishing scams and malware. We also offer ps on how to protect their devices and accounts from unauthorized access.

• Resource Center: We maintain a resource center with guides, FAQs, and tutorials on privacy and security topics. Make this information easily accessible through the Remark platform and regularly update it with new content.

10. Training and awareness

Regular monitoring and review of security practices are crucial to identify and mitigate potential threats and ensure the effectiveness of security measures.

Regular Audits

• Internal Audits: We conduct regular internal security audits to assess the effectiveness of security controls and identify areas for improvement. This includes reviewing access logs, system configurations, and compliance with security policies.

•External Audits: We also engage third-party auditors to perform external security assessments and penetration tests. These audits provide an unbiased evaluation of Remark’s security posture and help identify vulnerabilities that internal audits might miss.

• Risk Assessments: We perform regular risk assessments to identify and evaluate potential threats to Remark’s information assets. Use the results of these assessments to prioritize security initiatives and allocate resources effectively.

Policy Review

• Annual Review: We systemati cally review and update the security policy at least annually to ensure it remains relevant and effective. This includes assessing the policy's alignment with current threats, regulatory changes, and industry best practices.

•Continuous Improvement: We foster a culture of con nuous improvement by encouraging feedback from employees, contractors, and users on the effectiveness of the security policy. Use this feedback to make necessary adjustments and enhancements.

11. Enforcement

Enforcing the security policy is essential to ensure compliance and maintain the integrity of Remark’s information systems and data.

Policy Compliance

• Enforcement Mechanisms: We have implemented mechanisms to enforce compliance with the security policy. This includes regular monitoring of user activities, audits, and automated compliance checks.

•Disciplinary Action: We have also defined clear consequences for non-compliance with the security policy. This may include disciplinary ac ons such as warnings, suspension, termination of employment, or revocation of user access. Ensure that enforcement actions are consistently applied and documented

• Legal Action: IbIn cases of severe violations, such as deliberate data breaches or fraudulent acti vities, pursue legal action as necessary to protect Remark’s interests and uphold the law.

12. Contact information

At VISKO HR, our aim is providing clear contact information for reporting security issues and incidents ensures that users and employees know where to turn for assistance.

Security Contact

• Information Security Officer (ISO): We provide the contact details of the ISO, including email address and phone number, for reporting security issues, seeking guidance, and obtaining information about the security policy.

•Incident Response Team (IRT): We also the contact information for the IRT, including an email address and a hotline for reporting security incidents. Ensure that this contact information is easily accessible to all users and employees.

• Support Channels: We mul ple support channels, such as a dedicated helpdesk, online chat, and a support ckeching system, to ensure that users and employees can quickly and easily report security concerns and get assistance.