
Exhibit B – Technical and Organizational Measures

 

The Company deploys and maintains technical and organizational security measures to protect Personal Data. Below is an overview of the measures the Company employs to keep our platform and Personal Data secure.

 

  1. General

    1. The Company maintains a documented information security policy, consistent with industry standards, reviewed and updated annually. Security policy development and maintenance are managed by personnel with expertise in the field of information security.

    2. All personnel computers shall be updated with antivirus software, or similar protective mechanisms. 

  2. Training and Personnel

    1. All of the Company’s personnel undergo a security training program at least once every calendar year.

    2. Upon termination, no personnel may retain any access keys, codes, or similar access to any Personal Data or the Company’s facilities. 

  3. Access Control

    1. The Company’s information security policies shall establish reasonable steps to prevent unauthorized access to, or loss of, Personal Data.

    2. Company shall designate a system administrator, who restricts access of other personnel to Personal Data in accordance with these Technical and Organizational Measures; such access permissions shall be reviewed on an annual basis.

    3. Company shall require an authentication process for all access and remote access by its personnel, which can consist of strong passwords, two-factor authentication, or other mechanisms which prevent unauthorized access.

    4. Access, data insertion, deletion, and modification are logged, including time stamps.

  4. Physical Security

    1. Company ensures the physical security of its premises, and monitors any access or entrance to its premises.

    2. Company requires all of its personnel to refrain from retaining physical copies of sensitive data for any longer than necessary, according to Company’s policies. 

    3. Visitors’ access to Company’s facilities is monitored and restricted, and is managed by dedicated personnel.

    4. All Personal Data shall be hosted and stored on machines located in facilities with reasonable environmental measures, such as temperature regulation, fire suppression, smoke detectors, etc.

  5. Integrity

    1. Company regularly backs up its systems, and undertakes to review software to find and remediate security vulnerabilities during initial implementation and upon any significant modifications and updates.

    2. Company undergoes penetration testing at least once every calendar year, and remediates any finding in accordance with its internal policies. 

    3. Company undertakes to change all default account access configurations and authentication keys prior to the implementation of all new systems following the effective date of this Agreement. 

    4. All personnel laptops are managed by Company, and monitored regularly. 

    5. Company shall not store Personal Data outside of its monitored environments unless it is protected by strong encryption. 

  6. Deletion

    1. Company undertakes to delete all Personal Data in accordance with the DPA.

    2. Company maintains automatic back-up practices of Personal Data, which are deleted on set intervals. 

  7. Third-Party Risk Management

    1. Prior to engaging a new third-party service provider who will have access to Personal Data, Company conducts a risk assessment of its information security practices.

  8. Law Enforcement Request Policy

    1. One of the Company’s most prominent core values is respecting human rights. As such, the Company ensures that all data requests received from law enforcement agencies, governmental, regulatory, and judicial bodies are valid and made in accordance with the applicable legal procedures.

    2. All disclosure of Personal Data to authorities shall be in accordance with this DPA.
