Versions Compared

Old Version 2

changes.mady.by.user Jack Hunter

Saved on

compared with

New Version Current

changes.mady.by.user Gebsun

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

This is a draft document

Info

This document describes security details of the services provided by Gebsun.


General Security




GS1Describe your security incident response process (data breach, malware/viruses, unauthorized access, etc.)

We are available XXXXXXXXXXXX

instant backup of:

database

logs

change of passwords

GS2Does security incident response process include appropriate notifications to affected clients/users?Yes, we do inform affected customers so they can take appropriate security steps on their side. For security reasons we do not share information outside the company.
GS3Describe employee security awareness, training and certification processAll the employees pass security awareness training and all security incidents are assessed by the whole team responsible for affected service.
GS4Are documented security policies issued, updated and acknowledged by all employees?Yes, all employees must pass security awareness training and acknowledge security policy.
GS5Do you have documented vulnerability management process and procedures?

We rely on our infrastructure providers for vulnerability management (we do not store any data on our own servers):

GS6Do you have a documented Privacy Policy? Is there internal monitoring for compliance with Privacy Policies and procedures?

Yes privacy policy is documented. XXXX

We store data on third-party vendors servers and we rely on their privacy policy:

GS7If you are based in the U.S. and collect, use or retain personal data from European Union member countries or Switzerland, do you comply with the U.S. - E.U. Safe Harbor Framework and the U.S. - Swiss Safe Harbor Framework? Have you certified that you adhere to the Safe Harbor Privacy Principles of notice, We are based in EU.
GS8Does your infrastructure or your data centers have current security controls certifications, such as SSAE16/SOC1, SOC2, ISO 27001? Upon request can you provide a recent audit report?We do not own datacenter. All the infrastructure and data is managed by third-party providers, i.e. OpenShift, mLab and Atlassian.

...