Filisia Interfaces Information Security Policy
Last updated: October 2025
Alignment: NIST Cybersecurity Framework v1.1
1. Purpose
Filisia Interfaces Ltd (“Filisia”, “we”, or “our”) is committed to protecting the security and privacy of all data processed through our Cosmo products and services.
This Information Security & Data Protection Policy outlines our approach to securing personal and institutional information in alignment with the NIST Cybersecurity Framework v1.1 and applicable international data-protection laws.
2. Scope
This policy applies to:
- All systems, devices, and cloud services operated or managed by Filisia;
- Data collected from schools, educators, therapists, and learners using Cosmo products worldwide;
- All employees, contractors, and authorised resellers who have access to Filisia systems or data.
3. Framework Alignment
Filisia’s cybersecurity practices follow the five core functions of the NIST Cybersecurity Framework: Identify – Protect – Detect – Respond – Recover.
4. Identify
We maintain awareness of our information assets, data types, and associated risks.
- All core systems and data assets are inventoried and reviewed at least annually.
- Roles and responsibilities for data handling are defined and assigned to key personnel.
- Risk assessments are conducted periodically and after significant system or infrastructure changes.
5. Protect
We implement safeguards to preserve the confidentiality, integrity, and availability of data.
- Access is limited to authorised users with unique credentials and is granted on least-privilege principles.
- Multi-factor authentication and strong password requirements are enforced.
- Data are encrypted in transit and at rest (TLS 1.2+ / AES-256 or equivalent).
- Company devices are encrypted and can be remotely wiped if lost or stolen.
- Employees complete annual cybersecurity and data protection training.
6. Detect
We monitor for and identify potential security incidents.
- Infrastructure providers employ automated monitoring and intrusion-detection tools.
- Employees and customers are encouraged to report suspected incidents to hello@explorecosmo.com.
7. Respond
We maintain an incident-response process to contain, assess, and resolve security events.
- All incidents are logged, investigated, and documented.
- Affected customers or institutions are notified promptly in line with contractual and legal requirements.
- Root-cause analyses are performed, and mitigation steps are implemented to prevent recurrence.
8. Recover
We maintain operational resilience to restore systems and services following disruption.
- Critical data and configurations are backed up securely, and the backups are tested regularly.
- Business-continuity and disaster-recovery procedures are reviewed and updated annually.
- Restoration efforts prioritise data integrity and minimal downtime for users.
9. Data Protection and Privacy
- Filisia complies with applicable data-protection laws and regulations in the regions where we operate or process data.
- Student and customer data are used solely for authorised educational and operational purposes under institutional direction.
- Personal data are not sold, rented, or used for marketing or advertising.
- Data are stored in secure, access-controlled environments managed by trusted global cloud providers that hold recognised security certifications.
12. Continuous Improvement
Filisia is committed to strengthening its cybersecurity and privacy posture over time. We will:
- Review and update this policy annually or after significant operational or regulatory changes.
- Conduct internal reviews and implement improved controls.
- Maintain transparency with schools, customers, and partners regarding data-protection measures and security practices.
13. Contact
For security or privacy matters, please contact: hello@explorecosmo.com