Information governance and security

In order to adequately protect the information that Normandin Beaudry Private Management handles in the course of its business activities, a global approach to information security and governance has been implemented based on a risk management approach.

To establish this strong, integrated governance, the measures we have implemented allow us to effectively formalize our information protection system in line with legal requirements, those of our clients and specific information security regulations and standards.

At Normandin Beaudry Private Management, information security and governance are based on the following key principles:

• Availability: Normandin Beaudry Private Management identifies accessibility and usability mechanisms throughout the information lifecycle, supported by a business continuity plan that is regularly updated to ensure the continuity of our operations.
• Integrity: Normandin Beaudry Private Management ensures the integrity of all information it processes.
• Confidentiality: Normandin Beaudry Private Management provides all information handled with adequate protection that is commensurate with its criticality to ensure its confidentiality, from collection to disposal.
• Commitment: Normandin Beaudry Private Management raises awareness among and trains its staff on the consequences of a security breach and the roles and obligations of all employees in the information protection process.
• Information security: Commensurate security measures identify the protection, defence, and resilience elements to be deployed to ensure Normandin Beaudry Private Management continues to operate to the best of its abilities and needs, in order to meet our clients’ requirements.
• Accountability: The clear assignment of responsibilities, including those of third parties, is an essential component of effective information security management. They contractually agree to comply with Normandin Beaudry Private Management’s information security rules and standards.
• Universality: When relevant, the information security practices and solutions assessed, implemented and operated should reflect recognized and widely used national and international practices.