Security
Introduction
We take ÌìÃÀÍøÕ¾´«Ã½´«Ã½ security seriously. The security of your data is one of our most important responsibilities. This document explains what we do to keep your data secure.
Personnel security
All employees and independent contractors who work with ÌìÃÀÍøÕ¾´«Ã½´«Ã½ and have access to our internal systems are required to understand and follow our internal policies and standards. Before accessing our systems, all workers agree to confidentiality terms and attend security training. This training covers privacy and security, acceptable use, preventing malware, account management, physical security and data privacy.
While working with ÌìÃÀÍøÕ¾´«Ã½´«Ã½, everyone is required to refresh privacy and security training annually. They are also required to acknowledge that they have read and understand our information security policy and incident response plan. Some employees who have elevated access to our systems and data receive additional job-specific training on privacy and security.
Upon termination of work at ÌìÃÀÍøÕ¾´«Ã½´«Ã½, all access to ÌìÃÀÍøÕ¾´«Ã½´«Ã½ systems is removed immediately.
Physical security
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ is hosted with Amazon Web Services (AWS) in their Canadian Region. AWS delivers a scalable cloud-computing platform designed for high availability and dependability. Among the many benefits of using cloud services, a big one is that expensive physical security systems can be implemented, because their cost is spread across thousands of customers.
Secure by design
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ follows a Secure Development Lifecycle. During the design phase, our product team assesses and qualifies any possible security issues. The risk analysis leverages the product team’s experience and aligns with OWASP Top 10 development practices.
All code is checked into our version-controlled repository, and code changes are reviewed by peers. ÌìÃÀÍøÕ¾´«Ã½´«Ã½ has a dedicated application testing team, and all software releases pass rigorous testing before being released to production.
The ÌìÃÀÍøÕ¾´«Ã½´«Ã½ application is deployed on hardened systems, and our development operations team follows recommended practices to secure our OS and web servers. We perform active inspection of vulnerabilities and maintain server-level firewalls.
Our web application performs input validation and safely encodes output. All data between client and server is transmitted via HTTPS. The ÌìÃÀÍøÕ¾´«Ã½´«Ã½ application uses server-side sessions with defined user roles, user authentication and password management.
Protecting customer data
Compliance certifications and attestations
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ is committed to achieving and maintaining the trust of our customers. As part of this commitment, ÌìÃÀÍøÕ¾´«Ã½´«Ã½ maintains compliance standards aligned with industry best practices, regulatory, federal/state rulings, international/regional laws, and industry-specific requirements.
Data encryption
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ uses strong encryption when transmitting data over public networks, including the use of TLS 1.2 and 1.3 protocols, AES-256 encryption and SHA signatures. This is the standard internet communication encryption used by all e-commerce sites, banking and other high security web-based systems.
We use AWS RDS encryption (we encrypt our database and snapshots). Amazon RDS encrypted instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS instance.
Backups
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ maintains nightly backups of all data, database and customer specific files. We maintain redundant copies at a second Canadian hosting provider. In the event of any data loss, we are able to restore our database and other data from these backups. Our development operations team practices data recovery regularly.
Penetration testing
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ regularly performs application and infrastructure penetration testing. Our security and development teams review and prioritize any reported findings. All critical and high priority issues are resolved before the affected code is released to our production environment.
Network security
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ maintains separate network environments to protect more sensitive data. Systems supporting testing, development, marketing, customer results sites and our corporate network are separate from our production systems. Administration access to our production systems is limited to our development operations team.
Authentication
Where possible, ÌìÃÀÍøÕ¾´«Ã½´«Ã½ uses multi-factor authentication. This includes administration access to production systems, 3rd-party SaaS providers and internal business systems. ÌìÃÀÍøÕ¾´«Ã½´«Ã½ encourages employees to use an approved password manager to create complex, unique passwords for all systems and services they use.
The ÌìÃÀÍøÕ¾´«Ã½´«Ã½ application requires a strong password, and logins are rate limited to protect against possible attacks.
System monitoring, logging and alerting
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ actively monitors servers, workstations and mobile devices for possible vulnerabilities and attacks. We maintain user activity logs, server logs and audit logs for all systems. Alerts are examined and acted upon based on priority.
Virus scanning
When files are uploaded into the ÌìÃÀÍøÕ¾´«Ã½´«Ã½ application, they are scanned by our redundant ClamAV instances before they are made available. If a virus is detected, the file is quarantined and a replacement file is put in place to let the exchange leader know to contact our support team. Virus definitions are updated hourly.
Endpoint monitoring and computer security
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ workstations run monitoring tools that can detect malware, virus activity and unsafe configurations. Workstations are required to encrypt data, have strong passwords and lock when idle. Our IT team monitors alerts and resolves any significant issues based on priority.
Mobile device management
Mobile devices that are used at ÌìÃÀÍøÕ¾´«Ã½´«Ã½ are centrally managed and required to be enrolled in our mobile device management system.
Data confidentiality
Our subscription agreement and terms of use require us to maintain the confidentiality of all ‘information’ provided by our customers. This ‘information’ includes both content stored in the ÌìÃÀÍøÕ¾´«Ã½´«Ã½ application and ‘information’ provided to us by our customers in phone calls, meetings, email, etc. More information can be found in our .
Protected data and personally identifiable information
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ maintains policies regarding data security and individual privacy protection. We protect our customers’ and participants’ data with the same care as we protect our own confidential data.
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ has internal controls in place to ensure protected data is safeguarded in accordance with applicable laws based on country, state and provincial regulations, including, but not limited to, GDPR, PIPEDA, FERPA, CIPA, PPRA and COPPA.
Participant privacy and terms of use
Our include our privacy policy for participants’ information.
In summary, our privacy policy is that participants’ input (thoughts, stars or other data they provide) can be made public as part of our process; their identity (email address, name and other identifying information) is shared between our customer and ÌìÃÀÍøÕ¾´«Ã½´«Ã½. The association of identity to input (i.e. who said what thought) is kept private by us, except as required by legal considerations.
Data removal
Customer and participant data can be removed upon request by contacting our support team. Backups are purged every 30 days. ÌìÃÀÍøÕ¾´«Ã½´«Ã½ relies on our hosting providers to remove data from disks used by ÌìÃÀÍøÕ¾´«Ã½´«Ã½ before they are repurposed.
Information security incident management
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ maintains security incident response policies and procedures covering initial response, investigation and customer notification. We review these policies annually.
Breach notification
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ makes its best efforts to protect your data; however no method is perfect, and we cannot guarantee absolute security. If ÌìÃÀÍøÕ¾´«Ã½´«Ã½ learns of a security breach, we will notify all affected users. Our breach notification procedures are consistent with our country, state and provincial obligations.
3rd-party suppliers
ÌìÃÀÍøÕ¾´«Ã½´«Ã½ relies on 3rd-party suppliers like Amazon Web Services, Microsoft Azure and Sendgrid to provide our services. ÌìÃÀÍøÕ¾´«Ã½´«Ã½ ensures that our suppliers adhere to our data and confidentiality agreements, and performs supplier reviews annually.