AlertMedia Security Measures

Supplier’s information security program includes the appropriate technical and organizational measures needed to identify and mitigate threats to the confidentiality, integrity, and availability of our customers’ data.

A. Information Security Policies and Standards

Supplier shall maintain information security policies, standards and procedures. These policies, standards and procedures shall be kept up to date, and revised whenever relevant changes are made to the information systems that use or store Customer Personal Data. These policies, standards and procedures shall be designed to:

Prevent unauthorized persons from gaining physical access to Customer Personal Data processing systems (e.g. physical access controls);

Prevent Customer Personal Data processing systems being used without authorization (e.g. logical access control);

Ensure that Data Personnel gain access to Customer Personal Data only if they are entitled to that access (e.g. in accordance with their access rights) and that, in the course of Processing or use and after storage, Customer Personal Data cannot be read, copied, modified or deleted without authorization (e.g. data access controls);

Ensure that Customer Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage, and that the recipients of any transfer of Customer Personal Data by means of data transmission facilities can be established and verified (e.g. data transfer controls);

Ensure that audit trails document whether and by whom Customer Personal Data have been entered into, modified, or removed from Processing (e.g. entry controls);

Ensure that Customer Personal Data are Processed solely in accordance with the delivery of the Supplier Services and Customer’s written instructions (e.g. control of instructions);

Ensure that Customer Personal Data are protected against accidental destruction or loss (e.g. availability controls);

Ensure that Customer Personal Data collected for different purposes can be processed separately (e.g. separation controls);

Ensure that Customer Personal Data maintained or processed for different customers is processed in logically separate locations (e.g. data segregation);

Ensure that all systems that Process Customer Personal Data are subject to a secure software development lifecycle; and

Ensure that all systems that Process Customer Personal Data are the subject of a vulnerability management program that includes, without limitation, internal and external vulnerability scanning with risk-rated findings and formal remediation plans to address any identified vulnerabilities.

B. Physical Security

i. General. Supplier shall maintain commercially reasonable security systems at Processing Locations and restrict access to Processing Locations.

ii. Data Centers. Data centers are a type of Processing Location that demands special controls. Supplier shall ensure that physical access control has been implemented for all data centers that Process Customer Personal Data, including:

Unauthorized access is prevented through 24×7 onsite staff, biometric scanning and security camera monitoring; and

Audits of the physical security of data centers that Process Customer Personal Data conducted by an independent firm.

C. Organizational Security

i. Supplier shall maintain information security policies and procedures addressing:

Data Disposal. When media are to be disposed of or reused, procedures have been implemented to prevent any subsequent retrieval of any Customer Personal Data stored on them before they are withdrawn from the inventory;

Data Minimization. When media are to leave the premises at which the files are located as a result of maintenance operations, procedures have been implemented to prevent undue retrieval of Customer Personal Data stored on them;

Data Classification. Supplier implements security policies and procedures to classify information assets, clarify security responsibilities and promote awareness for all employees;

Incident Response. All Customer Personal Data security incidents are managed in accordance with appropriate incident response procedures; and

Encryption. All Customer Personal Data is stored and transmitted using industry standard encryption mechanisms and strong cipher suites.

D. Network Security

i. Supplier shall maintain information security policies and procedures addressing network security.

ii. Supplier shall secure its networks employing a defense in depth approach that utilizes commercially available equipment and industry standard techniques, including without limitation firewalls, intrusion detection systems, access control lists and routing protocols.

E. Access Control (Governance)

i. Supplier shall govern access to information systems that Process Customer Personal Data.

ii. Only authorized staff may grant, modify or revoke access to an information system that Processes Customer Personal Data.

iii. User administration procedures are used to: (i) define user roles and their privileges; (ii) govern how access is granted, changed and terminated; (iii) address appropriate segregation of duties; and (iv) define the requirements and mechanisms for logging/monitoring.

iv. All Data Personnel are assigned unique User-IDs.

v. Access rights are implemented adhering to the “least privilege” approach.

vi. Supplier implements commercially reasonable physical and technical safeguards to create and protect passwords.

F. Virus and Malware Controls

i. Supplier protects Customer Personal Data and technical infrastructure from malicious code and shall install and maintain anti-virus and malware protection software on any system that handles Customer Personal Data.

G. Personnel

i. Supplier shall maintain a security awareness program to train all employees about their security obligations. This program includes training about data classification obligations, physical security controls, security practices and security incident reporting.

ii. Supplier has clearly defined roles and responsibilities for employees.

iii. Prospective employees are screened before employment, including background checks for Data Personnel and for individuals supporting Customer’s technical environment or infrastructure, and the terms and conditions of employment are applied appropriately.

iv. Data Personnel are required to follow established security policies and procedures. A disciplinary process is applied if Data Personnel fail to adhere to relevant policies and procedures.

H. Business Continuity

i. Supplier implements disaster recovery and business resumption plans. Business continuity plans are tested and updated regularly to ensure that they remain current and effective.
