{"id":17718,"date":"2025-04-14T06:15:10","date_gmt":"2025-04-14T06:15:10","guid":{"rendered":"https:\/\/likeitsocial.com\/?page_id=17718"},"modified":"2025-04-15T01:37:17","modified_gmt":"2025-04-15T01:37:17","slug":"trust-center","status":"publish","type":"page","link":"https:\/\/likeitsocial.com\/ko\/trust-center\/","title":{"rendered":"Trust – Center"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Trust Center<\/h1>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Last Updated: Sep<\/b> 25, 2024<\/span><\/b><\/p>

By using this website, You agree to the following privacy policy. Please read them carefully before using this website. We are at Like It System LLC. dba LikeIT Social respect Your privacy. This Privacy Policy is designed to explain how We collect, use, share, and protect the personal information You provide to Us when you access Our website, purchase Our goods or services, or engage with Us on social media, as well as Your own rights to the information we collect. Please read this Privacy Policy carefully. We will alert You to any changes to this Policy by changing the \u201clast updated\u201d date at the top of this Policy. Any changes become effective immediately upon publication on Our website, and You waive specific notice of any changes to the Policy by continuing to use and access Our site(s). We encourage You to review this Privacy Policy periodically when You use Our website for any purpose or engage with Us on social media. You are deemed to have accepted any changes to any revised Privacy Policy by Your continued use of Our website after the revised Privacy Policy is posted.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t

Certification<\/h3>\t\t\n\t\t\n\t
\n\t\t

GDPR and CCPA\/CPRA<\/b><\/strong><\/p>

Likeit Social ensures its privacy program complies with the General Data Protection Regulation (GDPR) applicable to the European Union and the United Kingdom, as well as the California Consumer Privacy Act (CCPA) and its subsequent amendment, the California Privacy Rights Act (CPRA).<\/span><\/p>

Payment Card Industry (PCI)<\/b><\/p>

Likeit Social maintains PCI DSS compliance through a PCI SAQ A self-assessment. We fully outsource our cardholder data processing to third-party payment processors who are PCI-approved and compliant with PCI DSS Level 1 standards.<\/span><\/p>\t<\/div>\n\n\t<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t

IT Security Policy<\/h3>\t\t\n\t\t\n\t
\n\t\t

introduction<\/strong><\/p>

Since 2019, Likeit Social has been committed to helping businesses enhance their marketing efforts, build stronger customer relationships, make informed decisions, and create beloved brands. We manage social pages with a focus on customer success and support.
<\/strong><\/p>

Reliability & Availability
<\/b><\/strong><\/p>

  1. Minimizing Downtime:<\/b> Our systems are designed for fault tolerance, and our teams are trained for rapid incident recovery. We avoid both planned and unplanned downtime whenever possible.<\/span><\/li>
  2. Business Continuity:<\/b> Disaster recovery and business continuity are integral to our practices.<\/span><\/li>
  3. Uptime:<\/b> We maintain a KPI of 99% uptime, consistently achieving higher than 99% over the past 6 and 12 months.<\/span><\/li>
  4. Customer Transparency:<\/b> Customers can subscribe to receive immediate SMS or email notifications for any incidents.<\/span><\/li><\/ol>

    Data Management<\/b><\/strong><\/p>

    1. Social Media Feeds:<\/b> Our data ingest layer connects to multiple social network APIs with redundancy and support from Facebook, Twitter, Instagram, and LinkedIn.<\/span><\/li>
    2. Backups:<\/b> Regular, encrypted backups are stored in Microsoft Azure with high durability and availability.<\/span><\/li><\/ol>

      Operational Excellence<\/b><\/p>

      1. Multidisciplinary Analysis:<\/b> We conduct blameless post-mortems and continually improve our systems and procedures.<\/span><\/li>
      2. Isolation:<\/b> Our backend platform uses isolation design patterns to mitigate risks.<\/span><\/li>
      3. Recovery Objectives:<\/b> Strategies provide up-to-date RPOs and low RTOs, meeting customer expectations.<\/span><\/li>
      4. DevOps Best Practices:<\/b> Infrastructure-as-code enables rapid and consistent system recovery.<\/span><\/li><\/ol>

        Monitoring & Support<\/b><\/p>

        1. Continuous Monitoring:<\/b> We monitor our technical environments in real-time globally.<\/span><\/li>
        2. On-Call Support:<\/b> Specialized engineers are on call 24\/7\/365 to address issues promptly.<\/span><\/li><\/ol>

          Data Centers<\/b><\/p>

          1. Hosting:<\/b> Our products are hosted by Microsoft Azure, offering secure, highly available, and compliant facilities.<\/span><\/li>
          2. Data Location:<\/b> Customer data is hosted in Azure's us-east-1.<\/span><\/li>
          3. Facilities:<\/b> Azure data centers have robust physical hosting capabilities, including power backup and redundancy.<\/span><\/li><\/ol>

            IT & Physical Security<\/b><\/p>

            1. IT Security:<\/b> Includes forced open door alarms, intrusion detection systems, and media destruction per NIST standards.<\/span><\/li>
            2. Physical Security:<\/b> Strict physical access controls with continuous monitoring and multi-factor authentication.<\/span><\/li><\/ol>

              Infrastructure & Network Security<\/b><\/p>

              1. Dedicated Security Team:<\/b> Monitors and alerts 24\/7\/365 for security and operational events.<\/span><\/li>
              2. Network Controls:<\/b> Segmented private network with increasing levels of control.<\/span><\/li><\/ol>

                Incident Management<\/b><\/p>

                1. Response Planning:<\/b> Based on NIST standards, with prompt investigation and remediation of incidents.<\/span><\/li>
                2. Scanning:<\/b> Regular scans for common vulnerabilities.<\/span><\/li>
                3. Encryption:<\/b> Uses HTTPS with TLS 1.2+ and AES-256 encryption for data at rest.<\/span><\/li><\/ol>

                  System Administration<\/b><\/p>

                  1. Best Practices:<\/b> Least privilege, central configuration management, and stringent firewall policies.<\/span><\/li>
                  2. Patching:<\/b> Regular automatic server patches, with manual application of high-priority patches.<\/span><\/li><\/ol>

                    Product Security Features<\/b><\/p>

                    1. Multi-Factor Authentication (MFA):<\/b> Supports TOTP and HOTP apps for additional security.<\/span><\/li>
                    2. Secure Credential Storage:<\/b> Passwords are salted, hashed, and cannot be viewed by anyone.<\/span><\/li>
                    3. Brute-Force Protections:<\/b> Implemented with computationally challenging hashing and rate-limiting protections.<\/span><\/li>
                    4. Approval Workflows:<\/b> Allows for task division with central decision-maker control.<\/span><\/li>
                    5. IP Restrictions:<\/b> Configurable to restrict access from specific IP ranges.<\/span><\/li>
                    6. Single Sign-On (SSO):<\/b> Supports SAML 2.0 for unified login credentials.<\/span><\/li><\/ol>\t<\/div>\n\n\t<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                      \n\t\t\t\t
                      \n\t\t\t
                      \n\t\t\t\t

                      Likeit Social Incident Management Policy<\/h3>\t\t\n\t\t\n\t
                      \n\t\t

                      Introduction<\/strong><\/p>

                      At Likeit Social, we prioritize the security and integrity of our systems and data. This Incident Management Policy outlines our procedures for identifying, managing, and responding to security incidents to minimize impact and ensure prompt resolution.<\/span><\/p>

                      Purpose<\/strong><\/p>

                      The purpose of this policy is to ensure a consistent and effective approach to managing incidents, including security breaches, system failures, and data leaks. It aims to protect Likeit Social's assets, maintain customer trust, and comply with relevant legal and regulatory requirements.<\/span><\/p>

                      Scope<\/strong><\/p>

                      This policy applies to all employees, contractors, and third-party service providers who manage, use, or access Likeit Social systems and data.<\/span><\/p>

                      Definitions<\/strong><\/p>

                      1. Incident:<\/b> Any event that compromises the confidentiality, integrity, or availability of Likeit Social's systems or data.<\/span><\/li>
                      2. Incident Response Team (IRT):<\/b> A group of designated personnel responsible for managing and resolving incidents.<\/span><\/li>
                      3. Critical Incident:<\/b> An incident that significantly impacts business operations, customer data, or regulatory compliance.<\/span><\/li><\/ol>

                        Roles and Responsibilities<\/strong><\/p>

                        1. Incident Response Team (IRT):<\/b>
                          1. Lead the incident management process.<\/span><\/li>
                          2. Coordinate communication among stakeholders.<\/span><\/li>
                          3. Ensure proper documentation of the incident and response actions.<\/span><\/li><\/ol><\/li>
                          4. Employees:<\/strong>
                            1. Report any suspected incidents immediately.<\/span><\/li>
                            2. Assist in the investigation and resolution of incidents as required.<\/span><\/li><\/ol><\/li>
                            3. Third-Party Service Providers:<\/strong>
                              1. Report incidents that affect Likeit Social systems or data.<\/span><\/li>
                              2. Cooperate with the IRT in incident management and resolution.<\/span><\/li><\/ol><\/li><\/ol>

                                Incident Management Process<\/b><\/strong><\/p>

                                1. Identification and Reporting<\/b>
                                  1. Detection:<\/b> Continuously monitor systems for potential incidents using automated tools and manual processes.<\/span><\/li>
                                  2. Reporting:<\/b> Report any suspected incidents immediately to the IRT via the designated incident reporting channels (email, phone, or incident management system).<\/span><\/li><\/ol><\/li>
                                  3. Classification<\/b>
                                    1. Initial Assessment:<\/b> The IRT conducts an initial assessment to determine the nature and impact of the incident.<\/span><\/li>
                                    2. Classification:<\/b> Incidents are classified based on their severity:<\/span>
                                      1. High:<\/b> Critical incidents requiring immediate attention.<\/span><\/li>
                                      2. Medium:<\/b> Significant incidents with moderate impact.<\/span><\/li>
                                      3. Low:<\/b> Minor incidents with limited impact.<\/span><\/li><\/ol><\/li><\/ol><\/li>
                                      4. Containment<\/b>
                                        1. Immediate Actions:<\/b> Take immediate steps to contain the incident and prevent further damage.<\/span><\/li>
                                        2. Short-term and Long-term Containment:<\/b> Implement short-term measures to stabilize the situation and plan for long-term containment to address underlying issues.<\/span><\/li><\/ol><\/li>
                                        3. Eradication<\/b>
                                          1. Root Cause Analysis:<\/b> Investigate the root cause of the incident.<\/span><\/li>
                                          2. Removal:<\/b> Eliminate the root cause and any malicious activities from the affected systems.<\/span><\/li><\/ol><\/li>
                                          3. Recovery<\/strong>
                                            1. System Restoration:<\/b> Restore affected systems to normal operation.<\/span><\/li>
                                            2. Validation:<\/b> Verify the integrity of affected systems and data to ensure they are secure.<\/span><\/li><\/ol><\/li>
                                            3. Documentation and Reporting<\/b>
                                              1. Incident Documentation:<\/b> Maintain detailed records of the incident, including timelines, actions taken, and lessons learned.<\/span><\/li>
                                              2. Internal Reporting:<\/b> Provide regular updates to senior management and stakeholders on the status and resolution of the incident.<\/span><\/li>
                                              3. External Reporting:<\/b> Notify regulatory authorities and affected customers as required by law and contractual obligations.<\/span><\/li><\/ol><\/li>
                                              4. Post-Incident Review<\/b>
                                                1. Review:<\/b> Conduct a post-incident review to analyze the incident and response.<\/span><\/li>
                                                2. Lessons Learned:<\/b> Identify and implement improvements to prevent future incidents.<\/span><\/li><\/ol><\/li><\/ol>

                                                  Training and Awareness<\/b><\/p>

                                                  1. Employee Training:<\/b> Provide regular training to employees on incident management procedures and their roles in the process.<\/span><\/li>
                                                  2. Awareness Programs:<\/b> Conduct awareness programs to promote a culture of security and proactive incident reporting.<\/span><\/li><\/ol>

                                                    Policy Review<\/b><\/p>

                                                    This policy will be reviewed annually or after significant incidents to ensure its effectiveness and alignment with best practices and regulatory requirements.<\/span><\/p>

                                                    Compliance<\/b><\/p>

                                                    Non-compliance with this policy may result in disciplinary action, including termination of employment or contracts.<\/span><\/p>\t<\/div>\n\n\t<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

                                                    \n\t\t\t\t
                                                    \n\t\t\t
                                                    \n\t\t\t\t

                                                    Likeit Social Change Control Policy and Supporting Procedures<\/h3>\t\t\n\t\t\n\t
                                                    \n\t\t

                                                    Introduction<\/b><\/p>

                                                    At Likeit Social, we recognize the importance of maintaining control over changes to our systems and infrastructure to ensure stability, security, and compliance. This Change Control Policy outlines the procedures for managing changes to our IT environment, including software, hardware, and network configurations.<\/span><\/p>

                                                    Purpose<\/b><\/p>

                                                    The purpose of this policy is to establish a structured approach for managing changes to Likeit Social\u2019s IT environment. This ensures that changes are properly reviewed, tested, approved, implemented, and documented to minimize risk and impact on business operations.<\/span><\/p>

                                                    Scope<\/b><\/p>

                                                    This policy applies to all changes to Likeit Social's IT systems, infrastructure, applications, and networks. It is relevant to all employees, contractors, and third-party service providers involved in the change management process.<\/span><\/p>

                                                    Definitions<\/b><\/p>

                                                    1. Change:<\/b> Any addition, modification, or removal that could impact IT services, systems, or infrastructure.<\/span><\/li>
                                                    2. Change Request (CR):<\/b> A formal proposal for a change, detailing the nature, rationale, and impact of the change.<\/span><\/li>
                                                    3. Change Advisory Board (CAB):<\/b> A group of stakeholders responsible for reviewing and approving change requests.<\/span><\/li>
                                                    4. Emergency Change:<\/b> A change that needs to be implemented urgently to address a critical issue or vulnerability.<\/span><\/li><\/ol>

                                                      Roles and Responsibilities<\/b><\/p>

                                                      1. Change Requester:<\/b>
                                                        1. Submit change requests with detailed information.<\/span><\/li>
                                                        2. Participate in the review and approval process.<\/span><\/li><\/ol><\/li>
                                                        3. Change Manager:<\/b>
                                                          1. Oversee the change management process.<\/span><\/li>
                                                          2. Ensure proper documentation and communication of changes.<\/span><\/li><\/ol><\/li>
                                                          3. Change Advisory Board (CAB):<\/b>
                                                            1. Review, assess, and approve or reject change requests.<\/span><\/li>
                                                            2. Ensure changes align with business objectives and compliance requirements.<\/span><\/li><\/ol><\/li>
                                                            3. Implementer:<\/b>
                                                              1. Execute the approved change.<\/span><\/li>
                                                              2. Ensure proper testing and validation of the change.<\/span><\/li><\/ol><\/li>
                                                              3. Reviewer:\u00a0<\/b>
                                                                1. Review the change post-implementation to ensure it meets the desired outcomes and identify any issues.<\/span><\/li><\/ol><\/li><\/ol>

                                                                  Change Management Process<\/b><\/p>

                                                                  1. Change Request Submission<\/b>
                                                                    1. Documentation:<\/b> The Change Requester completes a Change Request (CR) form, detailing the nature, rationale, impact, and rollback plan for the change.<\/span><\/li>
                                                                    2. Submission:<\/b> The completed CR form is submitted to the Change Manager for initial review.<\/span><\/li><\/ol><\/li>
                                                                    3. Initial Review and Classification<\/b>
                                                                      1. Initial Assessment:<\/b> The Change Manager reviews the CR for completeness and accuracy.<\/span><\/li>
                                                                      2. Classification:<\/b> The Change Manager classifies the change based on its potential impact and urgency:<\/span>
                                                                        1. Standard Change:<\/b> Pre-approved and low-risk changes.<\/span><\/li>
                                                                        2. Normal Change:<\/b> Changes requiring CAB review and approval.<\/span><\/li>
                                                                        3. Emergency Change:<\/b> Urgent changes requiring expedited approval.<\/span><\/li><\/ol><\/li><\/ol><\/li>
                                                                        4. Change Review and Approval<\/b>
                                                                          1. CAB Review:<\/b> The Change Advisory Board (CAB) reviews normal and emergency changes. They assess the risks, benefits, and alignment with business objectives.<\/span><\/li>
                                                                          2. Approval:<\/b> The CAB approves or rejects the change request. If approved, the Change Manager schedules the change implementation.<\/span><\/li><\/ol><\/li>
                                                                          3. Change Implementation<\/b>
                                                                            1. Planning:<\/b> The Implementer develops a detailed implementation plan, including testing and validation steps.<\/span><\/li>
                                                                            2. Execution:<\/b> The Implementer carries out the change according to the plan, ensuring minimal disruption to services.<\/span><\/li>
                                                                            3. Testing and Validation:<\/b> The Implementer tests the change to confirm it functions as expected and does not introduce new issues.<\/span><\/li><\/ol><\/li>
                                                                            4. Post-Implementation Review<\/b>
                                                                              1. Review:<\/b> The Reviewer assesses the change post-implementation to ensure it achieved the desired outcomes.<\/span><\/li>
                                                                              2. Documentation:<\/b> The Change Manager updates the change record with the results of the review and any lessons learned.<\/span><\/li><\/ol><\/li>
                                                                              3. Emergency Change Process<\/b>
                                                                                1. Urgent Review:<\/b> Emergency changes are reviewed and approved by a subset of the CAB or designated emergency change approvers.<\/span><\/li>
                                                                                2. Fast-Track Implementation:<\/b> Emergency changes are implemented immediately to address the critical issue.<\/span><\/li>
                                                                                3. Post-Implementation Review:<\/b> Emergency changes.<\/span><\/li><\/ol><\/li><\/ol>\t<\/div>\n\n\t<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                                                                                  \n\t\t\t\t
                                                                                  \n\t\t\t
                                                                                  \n\t\t\t\t

                                                                                  Likeit Social Acceptable Use Policy<\/h3>\t\t\n\t\t\n\t
                                                                                  \n\t\t

                                                                                  Introduction<\/b><\/p>

                                                                                  At Likeit Social, we are committed to ensuring a secure, respectful, and productive environment for all users of our systems and services. This Acceptable Use Policy (AUP) outlines the acceptable and unacceptable behaviors regarding the use of Likeit Social's IT resources, including networks, systems, software, and data.<\/span><\/p>

                                                                                  Purpose<\/b><\/p>

                                                                                  The purpose of this policy is to provide guidelines for the appropriate use of Likeit Social's IT resources to protect the organization, its users, and its data from risks including unauthorized access, data breaches, and legal issues.<\/span><\/p>

                                                                                  Scope<\/b><\/p>

                                                                                  This policy applies to all employees, contractors, consultants, temporary staff, and other users who have access to Likeit Social's IT resources.<\/span><\/p>

                                                                                  Acceptable Use<\/b><\/p>

                                                                                  Users are expected to use Likeit Social's IT resources responsibly and ethically. Acceptable use includes, but is not limited to:<\/span><\/p>

                                                                                  1. Performing job-related tasks and responsibilities.<\/span><\/li>
                                                                                  2. Accessing and using authorized systems, software, and data.<\/span><\/li>
                                                                                  3. Protecting the confidentiality, integrity, and availability of Likeit Social's data.<\/span><\/li>
                                                                                  4. Complying with all applicable laws, regulations, and company policies.<\/span><\/li><\/ol>

                                                                                    Unacceptable Use<\/b><\/p>

                                                                                    Unacceptable use of Likeit Social's IT resources includes, but is not limited to:<\/span><\/p>

                                                                                    1. Unauthorized access to systems, data, or networks.<\/span><\/li>
                                                                                    2. Sharing login credentials or allowing unauthorized individuals to access IT resources.<\/span><\/li>
                                                                                    3. Engaging in activities that disrupt or degrade the performance of IT systems or networks.<\/span><\/li>
                                                                                    4. Using IT resources for illegal activities or to violate the rights of others.<\/span><\/li>
                                                                                    5. Downloading, sharing, or distributing copyrighted material without proper authorization.<\/span><\/li>
                                                                                    6. Installing or using unauthorized software or hardware.<\/span><\/li>
                                                                                    7. Engaging in harassing, discriminatory, or abusive behavior.<\/span><\/li>
                                                                                    8. Accessing, storing, or transmitting obscene or offensive content.<\/span><\/li>
                                                                                    9. Bypassing or attempting to bypass security controls.<\/span><\/li>
                                                                                    10. Using IT resources for personal financial gain or commercial purposes unrelated to Likeit Social.<\/span><\/li><\/ol>

                                                                                      Security and Confidentiality<\/b><\/p>

                                                                                      Users are responsible for safeguarding the security and confidentiality of Likeit Social's IT resources and data. This includes:<\/span><\/p>

                                                                                      1. Use strong, unique passwords and change them regularly.<\/span><\/li>
                                                                                      2. Locking or logging out of devices when unattended.<\/span><\/li>
                                                                                      3. Report any security incidents, breaches, or suspicious activities immediately to the IT department.<\/span><\/li>
                                                                                      4. Complying with data protection policies and procedures.<\/span><\/li><\/ol>

                                                                                        Monitoring and Enforcement<\/b><\/p>

                                                                                        Likeit Social reserves the right to monitor the use of its IT resources to ensure compliance with this policy. Monitoring activities may include, but are not limited to, reviewing network traffic, accessing logs, and auditing systems. Violations of this policy may result in disciplinary action, including termination of employment, and may be reported to law enforcement authorities if illegal activities are involved.<\/span><\/p>

                                                                                        Policy Review<\/b><\/p>

                                                                                        This policy will be reviewed annually or as needed to ensure its effectiveness and alignment with best practices and legal requirements.<\/span><\/p>

                                                                                        Compliance<\/b><\/p>

                                                                                        Compliance with this policy is mandatory. Non-compliance may result in disciplinary action, including termination of employment or contracts, and may lead to legal action if warranted.<\/span><\/p>

                                                                                        Acknowledgment<\/b><\/p>

                                                                                        All users must acknowledge their understanding and acceptance of this policy. This acknowledgment can be in the form of a signed document or an electronic agreement.
                                                                                        <\/span>By adhering to this Acceptable Use Policy, users contribute to a secure and productive IT environment at Likeit Social.<\/span><\/p>\t<\/div>\n\n\t<\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

                                                                                        \n\t\t\t\t
                                                                                        \n\t\t\t
                                                                                        \n\t\t\t\t

                                                                                        Likeit Social Flaw Remediation Policy<\/h3>\t\t\n\t\t\n\t
                                                                                        \n\t\t

                                                                                        Introduction<\/b><\/p>

                                                                                        At Likeit Social, we are committed to maintaining the highest standards of security and integrity for our systems and data. This Flaw Remediation Policy outlines the procedures for identifying, assessing, prioritizing, and resolving security vulnerabilities and flaws within our IT environment.<\/span><\/p>

                                                                                        Purpose<\/b><\/p>

                                                                                        The purpose of this policy is to ensure a structured and timely approach to remediating security vulnerabilities and flaws to protect Likeit Social\u2019s assets, maintain customer trust, and comply with relevant legal and regulatory requirements.<\/span><\/p>

                                                                                        Scope<\/b><\/p>

                                                                                        This policy applies to all software, systems, applications, and networks within Likeit Social's IT environment. It is relevant to all employees, contractors, and third-party service providers involved in the management, development, and maintenance of these IT resources.<\/span><\/p>

                                                                                        Definitions<\/b><\/p>

                                                                                        1. Vulnerability:<\/b> A weakness in a system, application, or network that could be exploited to compromise security.<\/span><\/li>
                                                                                        2. Patch:<\/b> A piece of software designed to update, fix, or improve a computer program or its supporting data.<\/span><\/li>
                                                                                        3. Remediation:<\/b> The process of fixing or mitigating a vulnerability or flaw.<\/span><\/li>
                                                                                        4. Risk Assessment:<\/b> The process of identifying and evaluating risks associated with a vulnerability.<\/span><\/li><\/ol>

                                                                                          Roles and Responsibilities<\/b><\/p>

                                                                                          1. Security Team:<\/b>
                                                                                            1. Monitor for new vulnerabilities and threats.<\/span><\/li>
                                                                                            2. Conduct vulnerability assessments and penetration tests.<\/span><\/li>
                                                                                            3. Coordinate the remediation process.<\/span><\/li><\/ol><\/li>
                                                                                            4. IT Operations Team:<\/b>
                                                                                              1. Implement patches and fixes as directed.<\/span><\/li>
                                                                                              2. Ensure systems are up-to-date and secure.<\/span><\/li><\/ol><\/li>
                                                                                              3. Development Team:<\/b>
                                                                                                1. Address vulnerabilities in internally developed applications.<\/span><\/li>
                                                                                                2. Follow secure coding practices to prevent new vulnerabilities.<\/span><\/li><\/ol><\/li>
                                                                                                3. Third-Party Service Providers:<\/b>
                                                                                                  1. Notify Likeit Social of any vulnerabilities in their products or services.<\/span><\/li>
                                                                                                  2. Cooperate in the remediation process.<\/span><\/li><\/ol><\/li><\/ol>

                                                                                                    Vulnerability Management Process<\/b><\/p>

                                                                                                    1. Identification<\/b>
                                                                                                      1. Monitoring:<\/b> Continuously monitor vulnerability databases, security advisories, and threat intelligence sources for new vulnerabilities.<\/span><\/li>
                                                                                                      2. Scanning:<\/b> Regularly conduct automated vulnerability scans and manual assessments of systems, applications, and networks.<\/span><\/li><\/ol><\/li>
                                                                                                      3. Assessment<\/b>
                                                                                                        1. Initial Triage:<\/b> Conduct an initial assessment to determine the severity and potential impact of the identified vulnerability.<\/span><\/li>
                                                                                                        2. Classification:<\/b> Classify vulnerabilities based on their severity:<\/span>
                                                                                                          1. Critical:<\/b> Immediate threat to the organization; requires urgent remediation.<\/span><\/li>
                                                                                                          2. High:<\/b> Significant threat; requires prompt remediation.<\/span><\/li>
                                                                                                          3. Medium:<\/b> Moderate threat; requires remediation in a reasonable timeframe.<\/span><\/li>
                                                                                                          4. Low:<\/b> Minimal threat; monitor and remediate as part of regular maintenance.<\/span><\/li><\/ol><\/li>
                                                                                                          5. Prioritization<\/b>
                                                                                                            1. Risk Assessment:<\/b> Evaluate the risk associated with each vulnerability, considering factors such as exploitability, potential impact, and exposure.<\/span><\/li>
                                                                                                            2. Prioritization:<\/b> Prioritize vulnerabilities for remediation based on their severity and risk assessment.<\/span><\/li><\/ol><\/li>
                                                                                                            3. Remediation<\/b>
                                                                                                              1. Patch Management:<\/b> Apply security patches and updates to affected systems, applications, and networks.<\/span><\/li>
                                                                                                              2. Configuration Changes:<\/b> Implement configuration changes to mitigate vulnerabilities where patches are not available.<\/span><\/li>
                                                                                                              3. Code Fixes:<\/b> Update and fix code in internally developed applications to address vulnerabilities.<\/span><\/li>
                                                                                                              4. Testing:<\/b> Test patches, configuration changes, and code fixes to ensure they effectively mitigate the vulnerability without introducing new issues.<\/span><\/li><\/ol><\/li>
                                                                                                              5. Verification<\/b>
                                                                                                                1. Post-Remediation Scanning:<\/b> Conduct follow-up scans and assessments to verify that vulnerabilities have been successfully remediated.<\/span><\/li>
                                                                                                                2. Validation:<\/b> Ensure that remediation efforts have not adversely affected system functionality or performance.<\/span><\/li><\/ol><\/li>
                                                                                                                3. Documentation and Reporting<\/b>
                                                                                                                  1. Record Keeping:<\/b> Maintain detailed records of identified vulnerabilities, risk assessments, remediation actions, and validation results.<\/span><\/li>
                                                                                                                  2. Reporting:<\/b> Provide regular reports on the status of vulnerability management to senior management and stakeholders.<\/span><\/li><\/ol><\/li>
                                                                                                                  3. Continuous Improvement<\/b>
                                                                                                                    1. Review:<\/b> Conduct periodic reviews of the vulnerability management process to identify areas for improvement.<\/span><\/li><\/ol><\/li><\/ol><\/li><\/ol>