MY SPORTS ID CARD: SECURITY POLICY
Document Version: 1.0
Effective Date: June 21, 2025
Policy Owner: Head of Security / CISO (or designated leadership)
1. POLICY STATEMENT
My Sports ID Card is committed to protecting the confidentiality, integrity, and availability of all information entrusted to it, including user data (especially personal data of minors), proprietary business information, and operational systems. We recognize that robust security is foundational to building trust with our users, complying with legal and regulatory obligations (e.g., COPPA, GDPR, CCPA), and safeguarding our business operations.
This Security Policy establishes the framework for managing information security risks within My Sports ID Card and applies to all employees, contractors, third-party vendors, and any other individuals or entities who access, process, or manage My Sports ID Card information systems or data.
2. PURPOSE AND SCOPE
2.1. Purpose: The purpose of this policy is to:
- Establish a clear framework for information security governance and risk management.
- Define responsibilities for information security within the organization.
- Protect My Sports ID Card’s information assets from unauthorized access, use, disclosure, disruption, modification, or destruction.
- Ensure compliance with applicable laws, regulations, and contractual obligations, particularly those related to data privacy and protection of minors’ data (COPPA).
- Maintain the trust and confidence of our users and partners.
2.2. Scope: This policy applies to:
- All information, data (in all forms: electronic, paper, verbal), and information systems owned, managed, or processed by My Sports ID Card.
- All employees, contractors, temporary staff, consultants, and any third parties accessing My Sports ID Card information or systems (“Personnel”).
- All physical locations, network infrastructure, software applications, and cloud services used by My Sports ID Card for its business operations and the provision of its Platform.
3. ROLES AND RESPONSIBILITIES
- Board of Directors/Senior Leadership: Provide overall strategic direction, allocate resources, and approve major security initiatives.
- Head of Security / CISO (Chief Information Security Officer): Develop, implement, and maintain the Information Security Program; advise senior leadership; manage security incidents; ensure compliance.
- IT Department: Implement and maintain security controls for infrastructure, networks, and systems; manage access; perform system monitoring and patching.
- Engineering/Development Team: Implement secure coding practices; conduct security testing (e.g., penetration testing, vulnerability scanning); ensure application security.
- Legal & Compliance Team: Advise on legal and regulatory requirements (e.g., COPPA, GDPR, CCPA, state-specific privacy laws); manage policy review and updates from a legal perspective.
- All Personnel: Adhere to this Security Policy and related procedures; complete mandatory security awareness training; report security incidents promptly.
- Data Owners (e.g., Department Heads): Accountable for the security and integrity of data within their respective areas; classify data.
4. INFORMATION CLASSIFICATION
My Sports ID Card categorizes information based on its sensitivity and impact of unauthorized disclosure. All information must be classified and handled according to its classification level.
- Public: Information intended for general public consumption (e.g., marketing materials, public website content). Minimal controls required.
- Internal Use: Information that is not sensitive but not intended for public release (e.g., internal memos, general business communications).
- Confidential: Information whose unauthorized disclosure could cause moderate harm to My Sports ID Card or its users (e.g., non-public business strategies, some financial data, non-sensitive user profile data). Requires access controls and encryption.
- Sensitive / Restricted: Information whose unauthorized disclosure could cause severe harm, legal penalties, or significant reputational damage (e.g., personal data of minors, payment information, highly sensitive athlete performance data, intellectual property, unpatched vulnerabilities, authentication credentials). Requires strict access controls, robust encryption, regular audits, and adherence to specific regulatory requirements.
5. ACCESS CONTROL
Access to My Sports ID Card’s information systems and data shall be granted based on the principle of least privilege – users shall only have access necessary to perform their job functions.
- Authentication:
- Password policies shall be enforced for all systems: a minimum length requirement, screening of new passwords against lists of known-compromised passwords, and rate limiting or lockout of repeated failed attempts. Passwords shall be changed upon evidence of compromise rather than on a fixed schedule; forced periodic rotation and arbitrary composition rules are not required, consistent with current NIST SP 800-63B guidance, because they encourage weak, predictable passwords.
- Multi-Factor Authentication (MFA) shall be mandatory for all administrative and privileged access and for access to critical systems; phishing-resistant methods (e.g., FIDO2/WebAuthn) are preferred for administrative access. MFA shall be enforced for user-facing accounts where the Platform supports it.
- Access to production environments is strictly controlled and audited.
- Authorization:
- Access permissions shall be assigned based on job role and the “need-to-know” principle.
- Regular reviews of access rights shall be conducted (at least annually or upon role change/termination).
- Account Management:
- Unique user IDs shall be assigned to all individuals.
- Accounts for terminated personnel shall be disabled immediately upon termination, and any associated credentials, access tokens, API keys, and shared secrets known to them shall be revoked or rotated.
- Guest/temporary accounts shall be time-limited and subject to strict approval processes.
6. DATA PROTECTION
My Sports ID Card is committed to protecting data throughout its entire lifecycle: collection, storage, processing, transmission, and disposal.
- Data Minimization: Only necessary data will be collected, processed, and retained.
- Encryption:
- Data in Transit: All data transmitted over public networks (e.g., between users and the Platform, or between internal systems and cloud services) shall be encrypted using industry-standard protocols (TLS 1.2 or later, with SSL and TLS 1.0/1.1 disabled and server certificates validated by the client).
- Data at Rest: Sensitive and confidential data stored on servers, databases, and backup media shall be encrypted using industry-standard algorithms (e.g., AES-256). Encryption keys shall be managed separately from the data they protect (e.g., in a key management service), and access to keys shall be restricted and logged.
- Data Backup & Recovery:
- Regular backups of all critical data and systems shall be performed.
- Backup media shall be stored securely, protected by encryption.
- Disaster recovery and business continuity plans shall be developed, maintained, and periodically tested to ensure timely restoration of services and data in the event of a major incident.
- Data Retention & Disposal:
- Data shall be retained only for as long as necessary to fulfill legal, regulatory, contractual, or business requirements, as defined in our Data Retention Policy.
- When data is no longer needed, it shall be disposed of securely (e.g., cryptographic erase, physical destruction of media) to prevent unauthorized recovery.
- Data Integrity: Mechanisms shall be in place to ensure the accuracy and completeness of data and to prevent unauthorized modification.
7. NETWORK SECURITY
My Sports ID Card’s network infrastructure shall be secured to prevent unauthorized access and protect against cyber threats.
- Firewalls: Firewalls shall be implemented to control network traffic based on predefined security rules.
- Network Segmentation: Critical systems and sensitive data shall be logically segmented from less sensitive parts of the network.
- Intrusion Detection/Prevention Systems (IDS/IPS): IDS/IPS shall be deployed to monitor network traffic for malicious activity and automatically prevent attacks where possible.
- Vulnerability Management: Regular network vulnerability scans and penetration tests shall be conducted to identify and remediate weaknesses.
8. SYSTEM SECURITY (SERVERS & ENDPOINTS)
All servers, workstations, and mobile devices used for My Sports ID Card operations shall be secured.
- System Hardening: Systems shall be configured using security baselines (e.g., CIS Benchmarks) to minimize vulnerabilities.
- Patch Management: All operating systems, applications, and firmware shall be kept up-to-date with the latest security patches.
- Anti-Malware: Endpoint Detection and Response (EDR) or equivalent anti-malware solutions shall be deployed on all endpoints and servers.
- Logging & Monitoring: System and application logs (including authentication events and administrative actions) shall be collected centrally, protected from unauthorized modification or deletion, retained for a defined period, and reviewed to detect and investigate suspicious activity. System clocks shall be synchronized to a reliable time source so that events can be correlated across systems.
9. APPLICATION SECURITY
The My Sports ID Card Platform and all internal applications shall be developed and maintained with security as a core principle.
- Secure Software Development Lifecycle (SSDLC): Security considerations shall be integrated into every phase of the software development lifecycle, from design to deployment and maintenance.
- Input Validation & Output Handling: All input from users and external systems shall be validated on the server side (client-side checks alone are not a security control). Validation by itself does not prevent injection, so untrusted data shall also be handled safely at the point of use: parameterized queries for database access, context-appropriate output encoding for HTML and other interpreters, and no construction of shell commands from untrusted input.
- Vulnerability Testing:
- Regular security testing, including penetration testing, vulnerability scanning, and code reviews, shall be performed on the Platform.
- Findings from security tests shall be prioritized and remediated promptly.
- API Security: All APIs shall require authentication, enforce authorization on the server for every request and every object accessed (not only at login), and apply rate limiting to limit abuse and credential-stuffing attempts. Secrets and session tokens shall not be placed in URLs or embedded in client-side code.
10. INCIDENT RESPONSE
My Sports ID Card shall maintain a comprehensive Incident Response Plan to effectively detect, respond to, contain, and recover from security incidents.
- Detection & Reporting: All Personnel are responsible for immediately reporting suspected or actual security incidents (e.g., data breaches, malware infections, unauthorized access) to the designated security contact.
- Response & Containment: Upon notification, the Incident Response Team shall initiate an investigation, contain the incident, and minimize its impact.
- Recovery & Post-Mortem: After an incident is contained, efforts shall focus on restoring affected systems and services. A post-incident review shall be conducted to identify root causes and implement lessons learned to prevent future occurrences.
- Communication: Clear communication protocols shall be established for notifying affected users, regulatory bodies, and law enforcement, as required by law (e.g., breach notification laws).
11. PERSONNEL SECURITY
All Personnel are critical to My Sports ID Card’s security posture.
- Background Checks: Background checks shall be conducted for all new hires in accordance with applicable laws and the sensitivity of their role.
- Security Awareness Training: All Personnel shall receive mandatory security awareness training upon hire and annually thereafter. Training shall cover data handling, phishing awareness, password security, and reporting procedures.
- Acceptable Use of Company Assets: Personnel shall adhere to the Acceptable Use Policy regarding the use of company-provided devices, networks, and software.
- Confidentiality Agreements: All Personnel shall sign confidentiality agreements as part of their employment or engagement.
12. THIRD-PARTY SECURITY MANAGEMENT
My Sports ID Card recognizes the risks associated with third-party vendors and service providers.
- Vendor Due Diligence: A vendor security assessment process shall be implemented for all third parties that store, process, or have access to My Sports ID Card’s data or systems.
- Contractual Requirements: All third-party contracts involving data processing or system access shall include specific security and privacy clauses (e.g., data protection addendums, confidentiality agreements).
- Ongoing Monitoring: Key third-party vendors shall be subject to ongoing security monitoring and periodic re-assessment.
13. PHYSICAL SECURITY
Where My Sports ID Card maintains physical infrastructure or offices, appropriate physical security measures shall be implemented to protect assets from unauthorized access, damage, and theft.
- Access controls (e.g., keycards, biometrics)
- Surveillance systems
- Visitor logging
- Securing equipment and media
14. COMPLIANCE AND AUDIT
My Sports ID Card is committed to maintaining compliance with all relevant laws, regulations, and industry standards.
- Internal Audits: Regular internal security audits shall be conducted to assess compliance with this policy and identify areas for improvement.
- External Audits/Certifications (as applicable): My Sports ID Card may pursue and maintain relevant certifications (e.g., SOC 2, ISO 27001) or undergo independent security assessments to demonstrate its commitment to security.
- Regulatory Reporting: Procedures are in place for reporting security incidents to regulatory bodies as required by law.
15. POLICY REVIEW AND UPDATES
This Security Policy shall be reviewed at least annually, or more frequently as necessitated by changes in My Sports ID Card’s operations, technology, threat landscape, or legal/regulatory requirements. Any updates shall be approved by senior leadership and communicated to all affected Personnel.
16. DEFINITIONS
- Confidentiality: Protecting information from unauthorized disclosure.
- Integrity: Ensuring the accuracy and completeness of information and processing methods.
- Availability: Ensuring authorized users have timely and reliable access to information and systems.
- Personal Data: Any information relating to an identified or identifiable natural person (as defined by GDPR, CCPA, etc.).
- COPPA: Children’s Online Privacy Protection Act.
- NIL: Name, Image, and Likeness.
- Platform: My Sports ID Card website, mobile applications, and all related services.
- Personnel: All employees, contractors, temporary staff, consultants, and any third parties accessing My Sports ID Card information or systems.
17. CONTACT INFORMATION
For questions regarding this Security Policy, to report a security incident, or to seek clarification on security practices, please contact:
My Sports ID Card Security Team
Email: support@mysportsidcard.com