1 Overview
This Data Security Policy outlines the measures and practices implemented by Predict to ensure the confidentiality, integrity, and availability of data. We are committed to safeguarding all sensitive information collected, processed, and stored within our systems. This policy specifically addresses the encryption of data at rest and the utilization of AWS servers compliant with ISO 27018 standards.
2 Data Encryption at Rest
2.1 Encryption Methods
All sensitive data stored within our systems undergoes encryption at rest. We utilize industry-standard encryption algorithms and protocols to ensure the confidentiality of data. This includes the use of robust encryption technologies, such as AES-256, to protect data stored on storage devices, databases, and backup systems.
2.2 Key Management
To maintain the security of encrypted data, a strict key management process is in place. Encryption keys are stored separately from the data and are accessible only to authorized personnel on a need-to-know basis. The keys are periodically rotated to mitigate risks associated with compromised or outdated keys.
3 Use of AWS Servers and ISO 27018 Compliance
3.1 AWS Infrastructure
Our organization leverages the services of Amazon Web Services (AWS) for data storage and processing. AWS provides a secure and scalable infrastructure to host our systems and applications. By utilizing AWS servers, we benefit from their robust security controls, high availability, and disaster recovery capabilities.
3.2 ISO 27018 Compliance
We are committed to adhering to industry best practices and standards for data privacy and protection. AWS servers that we employ for storing and processing data comply with ISO 27018, which specifically addresses the protection of personally identifiable information (PII) in cloud environments. ISO 27018 compliance ensures that appropriate controls are in place to safeguard data privacy, including restrictions on the processing of PII and measures to prevent unauthorized access to data.
4 Access Controls and Monitoring
4.1 Access Management
Access to sensitive data is granted on a need-to-know basis. Access controls are implemented to ensure that only authorized individuals can view, modify, or process sensitive information. User access privileges are regularly reviewed, and access rights are promptly revoked upon employee termination or a change in responsibilities.
4.2 Monitoring and Auditing
To detect and prevent unauthorized access or data breaches, comprehensive monitoring and auditing mechanisms are implemented. This includes the continuous monitoring of system logs, network traffic, and user activities. Any suspicious or unauthorized activities are promptly investigated, and appropriate actions are taken to mitigate potential risks.
5 Compliance and Policy Review
This Data Security Policy is reviewed periodically to ensure its continued relevance and effectiveness. Any updates or changes to data security practices will be promptly incorporated into this policy. Our organization remains committed to compliance with relevant data protection regulations and industry standards.
6 Employee Awareness and Training
To promote a culture of data security, all employees receive comprehensive training on data protection best practices, including their roles and responsibilities in safeguarding sensitive information. Regular awareness programs and updates are conducted to keep employees informed about emerging threats and security measures.
7 Policy Non-Compliance
Any instances of non-compliance with this Data Security Policy should be promptly reported to the designated authority. Appropriate disciplinary actions will be taken against individuals found to have violated the policy.
8 Conclusion
Ensuring the security of data is of paramount importance to Predict. Through the implementation of robust encryption at rest and the use of ISO 27018-compliant AWS servers, we strive to maintain the confidentiality, integrity, and availability of sensitive information. This policy serves as a framework to guide our data security practices and demonstrates our commitment to protecting the privacy of our customers.