Security Policy
Introduction
Signatoree is committed to ensuring the security of our users' data. We take extensive measures to protect the confidentiality, integrity, and availability of your information. This Security Policy outlines our approach to safeguarding your data and the steps we take to ensure our services are secure.
Information Security Governance
We have established a comprehensive information security governance framework to guide our security efforts, including:
- Security Policies and Procedures: We maintain and regularly update a set of security policies and procedures that align with industry best practices and standards.
- Risk Management: We conduct regular risk assessments to identify, evaluate, and mitigate potential security risks.
- Compliance: We comply with applicable laws, regulations, and standards related to data security and privacy.
Access Control
To ensure that only authorized individuals have access to our systems and data, we implement the following access control measures:
- User Authentication: We require strong, multi-factor authentication for accessing our systems and services.
- Role-Based Access Control (RBAC): Access to data and systems is granted based on job roles and responsibilities, following the principle of least privilege.
- Access Reviews: We perform regular reviews of user access rights to ensure compliance with our access control policies.
Data Protection
We employ robust measures to protect the data we collect and process:
- Data Encryption: We use strong encryption methods (AES-256) to protect data both in transit and at rest.
- Data Segmentation: Sensitive data is segmented and stored separately to minimize exposure.
- Data Backup: We perform regular data backups and store them securely to ensure data availability and integrity in case of an incident.
Network Security
- Firewalls and Intrusion Detection Systems (IDS): We deploy firewalls and IDS to monitor and control incoming and outgoing network traffic.
- Secure Communication: We use secure communication protocols (e.g., TLS) to protect data transmitted over the internet.
- Network Segmentation: We segment our network to isolate critical systems and limit the potential impact of a security breach.
Application Security
- Secure Coding Practices: Our developers follow secure coding practices and guidelines to prevent common vulnerabilities.
- Code Reviews and Testing: We conduct regular code reviews, vulnerability assessments, and penetration testing.
- Third-Party Components: We assess and monitor third-party components and libraries for security vulnerabilities.
Incident Response
- Incident Detection and Monitoring: We continuously monitor our systems for signs of security incidents.
- Incident Response Team: We have a dedicated incident response team trained to handle security incidents.
- Incident Reporting and Notification: We have procedures in place for reporting security incidents.
Employee Training and Awareness
- Security Training: All employees receive regular training on security policies and procedures.
- Phishing Awareness: We conduct regular phishing awareness campaigns.
- Security Policies: Employees must acknowledge and adhere to our security policies.
Physical Security
- Access Controls: We use access control systems to restrict access to our facilities.
- Surveillance: Our facilities are equipped with surveillance cameras and monitored 24/7.
- Environmental Controls: We maintain appropriate environmental controls to protect our hardware and data.
Our Security Disclaimers
- Third parties whose systems we link to are responsible for their own security measures.
- While we use reasonable endeavors to protect our website and your information, we cannot guarantee against all harmful code.
- We cannot take responsibility for problems caused by compromised user computers or circumstances beyond our control.
User Responsibilities
Users of Signatoree also have a role to play in ensuring the security of their information. As a user, you are responsible for:
- Protecting Your Credentials: Keep your login credentials confidential.
- Using Strong Passwords: Create strong, unique passwords and update them regularly.
- Reporting Suspicious Activity: Immediately report any security incidents.
- Keeping Software Updated: Maintain up-to-date security software.
- Regular Scans: Run regular virus scans on your computer.
- Phishing Prevention: Only access the website through secure URLs on the signatoree.com domain.
