Note |
---|
This is a draft document |
Info |
---|
This document describes security details of the services provided by Gebsun. |
General Security
GS1 | Describe your security incident response process (data breach, malware/viruses, unauthorized access, etc.) | We are available XXXXXXXXXXXX instant backup of: database logs change of passwords |
GS2 | Does security incident response process include appropriate notifications to affected clients/users? | Yes, we do inform affected customers so they can take appropriate security steps on their side. For security reasons we do not share information outside the company. |
GS3 | Describe employee security awareness, training and certification process | All employees pass security awareness training, and all security incidents are assessed by the whole team responsible for the affected service. |
GS4 | Are documented security policies issued, updated and acknowledged by all employees? | Yes, all employees must pass security awareness training and acknowledge the security policy. |
GS5 | Do you have a documented vulnerability management process and procedures? | We rely on our infrastructure providers for vulnerability management (we do not store any data on our own servers): |
GS6 | Do you have a documented Privacy Policy? Is there internal monitoring for compliance with Privacy Policies and procedures? | Yes, the privacy policy is documented. XXXX We store data on third-party vendors' servers and we rely on their privacy policy: |
GS7 | If you are based in the U.S. and collect, use or retain personal data from European Union member countries or Switzerland, do you comply with the U.S. - E.U. Safe Harbor Framework and the U.S. - Swiss Safe Harbor Framework? Have you certified that you adhere to the Safe Harbor Privacy Principles of notice, | We are based in the EU. |
GS8 | Does your infrastructure or your data centers have current security controls certifications, such as SSAE16/SOC1, SOC2, ISO 27001? Upon request can you provide a recent audit report? | We do not own a data center. All the infrastructure and data are managed by third-party providers, i.e. OpenShift, mLab and Atlassian. |
...