Has anyone dealt with that? I am lost.
Do you currently have an Information Security Framework in place? An Information Security Framework (ISF) or Cybersecurity Framework (CSF) is a comprehensive plan for designing, enacting and operating effective security for your organization.
Data Protection Assessment Bot: Do you have a SOC2, ISO27001, or ISO27018 certificate that is currently valid? If yes, then please note that those are considered an Information Security Framework. Please revise your answer here and upload a copy of your certificate.
If you do not have a certificate, do you take any of the following steps to protect the security of Platform Data? If yes, please list all items that apply:
- [A] Enforce encryption at rest for all Platform Data storage (e.g., all database files, backups, object storage buckets)
- [B] Enforce TLS 1.2 encryption or greater for all network connections where Platform Data is transmitted
- [C] Test your app and systems for vulnerabilities and security issues at least every 12 months
- [D] Protect sensitive data like credentials and access tokens
- [E] Test your incident response systems and processes at least every 12 months
- [F] Require multi-factor authentication for remote access
- [H] Have a system for maintaining accounts (assigning, revoking, reviewing access and privileges)
- [I] Have a system for keeping system code and environments updated, including servers, virtual machines, distributions, libraries, packages, and anti-virus software
- [J] Have a system in place for logging access to Platform Data and tracing where Platform Data was sent and stored
- [K] Monitor transfers of Platform Data and key points where Platform Data can leave the system (e.g., third parties, public endpoints)
- [L] Have an automated system for monitoring logs and other security events, and to generate alerts for abnormal or security-related events