Common use of Limitations of Privilege & Authorization Requirements Clause in Contracts

Limitations of Privilege & Authorization Requirements.

Integration access: A subset of ▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇ employees have access to the Integrations and to Customer Data via controlled interfaces. The intent of providing access to a subset of employees is to provide effective customer support, to troubleshoot potential problems, to detect and respond to security incidents and implement data security. Employees are granted access by role, and roles are reviewed at least once every six (6) months.

Background checks: All ▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇ employees undergo a third-party background check prior to being extended an employment offer, in accordance with and as permitted by the applicable laws. All employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards.

In-transit: We make HTTPS encryption (also referred to as SSL or TLS) available on every one of our login interfaces. Our HTTPS implementation uses industry standard algorithms and certificates.

At-rest: We store user passwords following policies that follow industry standard practices for security. We have implemented technologies to ensure that stored data is encrypted at rest.

Detection: We designed our infrastructure to log extensive information about the system behavior, traffic received, system authentication, and other application requests. Internal systems aggregate log data and alert appropriate employees of malicious, unintended, or anomalous activities. ▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇ personnel, including security, operations, and support personnel, are responsive to known incidents.

Response and tracking: We maintain a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel; and appropriate resolution steps are identified and documented. For any confirmed incidents, we will take appropriate steps to minimize Integration and Subscriber damage or unauthorized disclosure. Notification to you will be in accordance with the terms of the DPA or Agreement.

Infrastructure availability: The infrastructure providers use commercially reasonable efforts to ensure a minimum of 99.95% uptime. The providers maintain a minimum of N+1 redundancy to power, network, and HVAC services.

Fault tolerance: Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement