Ten Ren Tea Information Security Policy
Purpose
This Information Security Policy describes how Ten Ren Tea protects customer and company data. It defines procedures for safeguarding data, responding to security incidents, and ensuring compliance with applicable privacy and security laws.
Scope
This policy applies to all employees, contractors, systems, networks, and vendors that handle or store data related to Ten Ren Tea operations.
Security Governance
Ten Ren Tea will appoint a Security Officer responsible for enforcing this policy. All staff handling sensitive information must complete security training and follow approved practices.
Data Classification and Handling
Data shall be classified as public, internal, confidential, or restricted. Confidential and restricted data such as payment details and personal information must be encrypted in transit and at rest. Access is granted only as needed for job duties. Passwords must meet complexity requirements and multi-factor authentication must be used where available.
Physical and Network Security
Systems must be protected by firewalls and monitored for unauthorized access. Servers are located in secure facilities with controlled access. Regular security patches and updates must be applied.
Vendor and Third-Party Security
Vendors with access to customer or company data must maintain equivalent security standards, sign confidentiality agreements, and comply with industry best practices such as PCI-DSS for payment information.
Incident Response
Any suspected or confirmed security breach must be reported immediately to the Security Officer. The company will assess, contain, and investigate the incident. If a breach involves personal data, affected individuals and regulatory authorities will be notified as required by law.
Data Retention and Disposal
Data will only be retained as long as needed for business or legal purposes. After that, data must be securely deleted or anonymized. Paper documents containing sensitive data must be shredded before disposal.
Monitoring and Auditing
Ten Ren Tea will conduct regular security audits, vulnerability scans, and penetration testing. Logs of access and system activity will be maintained and reviewed periodically.
Policy Review
This policy will be reviewed at least once per year or when major operational or regulatory changes occur. Updates must be approved by management and communicated to all personnel.
Contact Information
Questions about this policy or security concerns should be directed to the Security Officer at Ten Ren Tea via the contact form on the website.