How does Site Stacker protect against a security breach?
- Access Controls: Administrator access is restricted to authorized users for applications, databases, networks, VPNs, and operating systems.
- Encryption: Sensitive data is encrypted both in transit and at rest using industry-standard algorithms.
- Firewall Rules: Configured to prevent unauthorized access.
- Intrusion Detection: Tools are used to monitor and log network breaches and anomalies, with alerts and appropriate actions taken.
- Vulnerability Scans: Performed quarterly to identify and remediate security risks.
How would your company handle a security breach if it took place?
- Incident Response Plan: A documented plan guides employees in identifying, reporting, and acting on breaches. This includes a breach response plan to address data breaches effectively.
- User Access Review: Annual reviews of user access ensure inactive users are removed, documented by management.
- Intrusion Detection: Continuous monitoring and logging of potential or actual network breaches ensure timely alerts and responses.
What systems do you have in place to defend against malicious threat actors?
- Firewalls: Configured to prevent unauthorized access.
- Intrusion Detection Systems: Monitor and log network breaches and anomalies.
- Antivirus: Installed on all servers to protect against viruses and malicious software.
- Automatic Patching: Servers are configured to automatically install critical security patches.
How do you make sure your staff are trustworthy?
- Background Checks: Required prior to hiring.
- Security Training: Provided to employees and contractors upon hire and annually, including information on reporting security incidents.
- Acceptable Use Policy: All staff sign a policy outlining rules for the acceptable use of information and compliance with legislative and contractual requirements.
What systems are in place to detect and fix vulnerabilities?
- Vulnerability Scans: Performed quarterly, with results assessed and remediated as required.
- Automatic Patching: Ensures that servers are updated with critical security patches.
- Configuration Standards: Baseline security configurations are maintained and deployed to all systems, reviewed annually.
Do you have any third-party oversight regarding your security?
- Vendor Controls: Relationships with suppliers, service providers, contractors, consultants, and cloud providers are managed through rigorous vetting and regular audits, ensuring they meet security requirements.
- Non-Disclosure Agreements: Employees and contractors sign these agreements upon hire to ensure information security responsibilities are clear.
What policies are in place to make sure customer data is safe?
- Data Classification Policy: Establishes a defined scheme for labeling and handling data, reviewed annually.
- Data Retention/Deletion Procedures: Remove data based on retention schedules, contract requirements, and deletion rules, ensuring data disposal is tracked and compliant.
- Information Security Policy: Maintained, reviewed, and updated annually to govern the overall security framework.
What does your company do to assure system availability to customers?
- Business Continuity Plan: Developed to identify processes, roles, and milestones for maintaining business continuity and restoring system functionality during major disruptions. This plan includes disaster recovery procedures and is reviewed and tested annually.
- Change Management: Policies and procedures ensure infrastructure and application changes are tested, reviewed, and approved before implementation, minimizing disruptions and maintaining system availability.
- Redundancy and Failover Systems: Implemented to ensure high availability and reliability of systems, reducing downtime for customers.
Modified on Fri, 7 Jun at 2:18 PM