Data Security Questions

How does Site Stacker protect against a security breach?

• Access Controls: Administrator access is restricted to authorized users for applications, databases, networks, VPNs, and operating systems.
  
  
• Encryption: Sensitive data is encrypted both in transit and at rest using industry-standard algorithms.
  
  
• Firewall Rules: Configured to prevent unauthorized access threats.
  
  
• Intrusion Detection: Tools are used to monitor and log network breaches and anomalies, with alerts and appropriate actions taken.
  
  
• Vulnerability Scans: Performed quarterly to identify and remediate security risks.
  
  
• How would your company handle a security breach if it took place?
  
  
• Incident Response Plan: A documented plan guides employees in identifying, reporting, and acting on breaches. This includes a breach response plan to address data breaches effectively.
  
  
• User Access Review: Annual reviews of user access ensure inactive users are removed, documented by management.
  
  
• Intrusion Detection: Continuous monitoring and logging of potential or actual network breaches ensure timely alerts and responses.

What systems do you have in place to defend against malicious threat actors?

• Firewalls: Configured to prevent unauthorized access.
  
  
• Intrusion Detection Systems: Monitor and log network breaches and anomalies.
  
  
• Antivirus: Installed on all servers to protect against viruses and malicious software.
  
  
• Automatic Patching: Servers are configured to automatically install critical security patches.
  
  

How do you make sure your staff are trustworthy?

• Background Checks: Required prior to hiring.
  
  
• Security Training: Provided to employees and contractors upon hire and annually, including information on reporting security incidents.
  
  
• Acceptable Use Policy: All staff sign a policy outlining rules for the acceptable use of information and compliance with legislative and contractual requirements.
  
  

What systems are in place to detect and fix vulnerabilities?

• Vulnerability Scans: Performed quarterly, with results assessed and remediated as required.
  
  
• Automatic Patching: Ensures that servers are updated with critical security patches.
  
  
• Configuration Standards: Baseline security configurations are maintained and deployed to all systems, reviewed annually.
  
  

Do you have any third-party oversight regarding your security?

• Vendor Controls: Relationships with suppliers, service providers, contractors, consultants, and cloud providers are managed through rigorous vetting and regular audits, ensuring they meet security requirements.
  
  
• Non-Disclosure Agreements: Employees and contractors sign these agreements upon hire to ensure information security responsibilities are clear.
  
  

What policies are in place to make sure customer data is safe?

• Data Classification Policy: Establishes a defined scheme for labeling and handling data, reviewed annually.
  
  
• Data Retention/Deletion Procedures: Remove data based on retention schedules, contract requirements, and deletion rules, ensuring data disposal is tracked and compliant.
  
  
• Information Security Policy: Maintained, reviewed, and updated annually to govern the overall security framework.
  
  

What does your company do to assure system availability to customers?

• Business Continuity Plan: Developed to identify processes, roles, and milestones for maintaining business continuity and restoring system functionality during major disruptions. This plan includes disaster recovery procedures and is reviewed and tested annually.
  
  
• Change Management: Policies and procedures ensure infrastructure and application changes are tested, reviewed, and approved before implementation, minimizing disruptions and maintaining system availability.
  
  
• Redundancy and Failover Systems: Implemented to ensure high availability and reliability of systems, reducing downtime for customers