Data Security
Identity Validation
Entity ensures that logical access provisioning to critical systems requires approval from authorized personnel on an individual need or for a predefined role.
Termination of Employment
Entity ensures logical access that is no longer required in the event of termination is made inaccessible in a timely manner.
Production Databases Access Restriction
Entity ensures that access to the production databases is restricted to only those individuals who require such access to perform their job functions
Multi-factor Authentication
Entity requires that all staff members with access to any critical system be protected with a secure login mechanism such as Multifactor-authentication.
User Privileges Review
Entity's Senior Management or the Information Security Officer periodically reviews and ensures that access to the critical systems is restricted to only those individuals who require such access to perform their job functions.
User Access Reviews
Entity's Senior Management or the Information Security Officer periodically reviews and ensures that administrative access to the critical systems is restricted to only those individuals who require such access to perform their job functions.
Encrypting Data At Rest
Entity has set up cryptographic mechanisms to encrypt all production database[s] that store customer data at rest.
Inventory of Infrastructure Assets
Entity develops, documents, and maintains an inventory of organizational infrastructure systems, including all necessary information to achieve accountability.
Data Backups
Entity backs up relevant user and system data regularly to meet recovery time and recovery point objectives and verifies the integrity of these backups.
Testing for Reliability and Integrity