...

Yes, we have comprehensive logging, including security events, for all relevant services.

Server/Infrastructure


Operating systems that are currently in use on your server:

...

Do you have the capability to recover data for a specific customer in the case of a failure or data loss?

We do have backups of our data, and our backend services are spread across different regions, with a DNS load balancer in place.

Do you have a retention procedure?

We shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data.

...

Users are local administrators on their machines, since we are a small IT company with only IT-trained employees. We confirm that admin access is regularly reviewed.

...

No, all Operating System versions are supported.

Data Management (DPA - Data Processing Addendum (yasoon.com))


Are data input and output integrity routines (i.e., reconciliation and edit checks) implemented for application interfaces and databases to prevent manual or systematic processing errors or corruption of data?

...

All customer data that are stored in our environment are encrypted at the data drive level.
Additionally, there are data we consider sensitive (e.g. access tokens) that not even our support staff should have access to. These data are additionally encrypted within the database with AES-256.

Which data are stored?

We only store content that has been explicitly created by our apps. The exact data varies by the features used.

...

Yes, roles are defined in Azure Entra ID and tied to the job role. Exceptions are handled by tickets and monitored at least once a year.

...

  • An external policy or notice to the public, users, or customers, describing how you protect the security and privacy of data

  • Written internal policies, guidelines, and documented practices for the safe handling and protection of data

  • Internal audits of the security and privacy program

  • Third-party audits of the security and privacy program

  • A risk assessment and risk management process to regularly review the threats your company is exposed to

  • A program to ensure security in your human resources processes

  • A process to ensure that your service providers and subcontractors are capable of taking appropriate steps to protect sensitive data and systems

  • Processes and procedures to ensure that security incidents are discovered in a timely manner and dealt with effectively

  • A change management process to ensure that all changes to networks, systems, and processes are appropriately reviewed

Audits

How often are internal information security and privacy audits performed?

...