In today’s interconnected and digital world, the protection of sensitive information, assets, and the overall well-being of an organization is paramount. Security breaches, cyberattacks, and data breaches have become increasingly sophisticated, posing significant threats to businesses, government agencies, and individuals alike. To safeguard against these threats and ensure the confidentiality, integrity, and availability of critical resources, impress.ai has established and adhered to a comprehensive security policy.
This Security Policy outlines the measures and guidelines to safeguard data and ensure the security of information stored within our cloud infrastructure. Our commitment is to protect sensitive data, adhere to relevant regulations, and maintain the highest standards of cybersecurity.
2.1 A Web Application Firewall (WAF) is in place to protect against web application attacks.
2.2 Data at Rest
All data stored in the cloud is encrypted using the Advanced Encryption Standard (AES-256) encryption algorithm. This encryption is applied to all data repositories to protect information from unauthorized access.
2.3 Data in Transit
Data in transit is transmitted securely over the network using the HTTPS protocol. This ensures that data remains confidential and secure during transmission.
3.1 Cloud Services
Measures are in place to continuously monitor and identify unauthorized or suspicious activities within our cloud. This proactive approach helps us detect and respond to security incidents promptly.
Leveraging cloud services for monitoring and detection enhances real-time visibility, scalability, and efficiency in identifying and responding to security threats and operational issues.
3.2 Vulnerability Management
Regular Vulnerability Assessment and Penetration Testing (VAPT) is conducted by a CREST-accredited vendor to identify vulnerabilities within the system. Operating system and database security hardening, including patching and antivirus/spyware scanning activities, is performed regularly.
All employees are required to undergo cybersecurity training to ensure they understand the importance of data security and their role in protecting sensitive information. This training includes:
– Secure password practices
– Recognition and prevention of social engineering scams
– Identifying and mitigating phishing attacks
Employees receive ongoing education and awareness updates to stay informed about emerging threats and best practices in cybersecurity. Phishing email simulations are also conducted to enhance employees' awareness of and resilience to phishing attacks, thereby improving the overall cybersecurity posture of the organization.
Access privileges and system rights are granted on a need-to-know basis. This ensures that only authorized individuals can access sensitive information or perform critical tasks. Access is strictly controlled and monitored. Regular reviews of access controls and logs are conducted to validate that access privileges remain appropriate and to identify and address any discrepancies or anomalies promptly.
We have earned the AWS Qualified Software badge, which demonstrates our expertise in designing and implementing secure software solutions within the AWS environment.
We are compliant with the following international standards:
– ISO 27001: This certification demonstrates our commitment to information security management systems (ISMS).
– ISO 27017: This certification covers cloud security and ensures the protection of sensitive information in the cloud.
– ISO 27018: This certification focuses on the protection of personal data in the cloud.
– ISO 9001: This certification signifies our commitment to quality management.
We successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit, which attests to our compliance with industry standards for security, availability, processing integrity, confidentiality, and privacy of customer data.
This Security Policy will be reviewed regularly to ensure it remains effective and aligned with evolving security best practices and regulatory requirements. Any updates or amendments will be communicated to all relevant stakeholders.
Security is a top priority for impress.ai, and this Security Policy serves as our commitment to maintaining the highest standards of data protection and cybersecurity. All employees are expected to adhere to these policies and guidelines to ensure the security and integrity of our data and systems.