Information Security Policy for ZenduIT
This Information Security Policy outlines the methods and responsibilities to safeguard data within our application ecosystem. Ensuring the confidentiality, integrity, and availability of data is fundamental to maintaining trust and compliance with industry standards.
Scope
This policy applies to all data stored in Google Cloud Platform (GCP) buckets and MongoDB Cloud instances that are part of the application ecosystem. This includes all personnel who create, manage, or interact with this data.
Data Encryption & Cryptography
At Rest:
- Google Cloud Platform (GCP) Buckets: All data stored in GCP buckets is encrypted at rest using industry-standard encryption methods to protect data from unauthorized access.
- MongoDB Cloud: Data stored in MongoDB Cloud is encrypted at rest using AES-256-CBC encryption, ensuring robust security against unauthorized data breaches.In Transit:
- All data transmitted across networks is encrypted using HTTPS protocols and AES-256 encryption standards to prevent interception by unauthorized entities.
Data Replication, Business Continuity and Disaster Recovery
Data is replicated across multiple geographic regions in both GCP buckets and MongoDB Cloud. This replication strategy supports our Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), ensuring data availability and durability in the event of regional failures or catastrophic events.
Access Control
- Access to data within GCP buckets and MongoDB Cloud is strictly governed by role-based access control (RBAC) systems. Access permissions are granted based on the principle of least privilege, ensuring individuals have access only to data necessary for their role and responsibilities.
- Continuous monitoring of access patterns is conducted to ensure compliance with this policy and to identify and respond to unauthorized access attempts.
Monitoring and Compliance
- Quarterly audits are conducted to ensure that encryption protocols and access controls are effectively protecting data within our ecosystem.
- Any deviations from expected encryption and access control practices are logged and investigated as potential security incidents.
Incident Response
- A predefined incident response protocol is in place to address potential security breaches or data exposure incidents. This protocol includes steps for containment, eradication, recovery, and post-incident analysis to prevent future occurrences.
- All incidents must be reported to our security team immediately upon discovery.
- The incident policy can be accessed via the following: https://connect.zoho.com/portal/intranet/manual/platform-technical-organizational-data-security/article/cryptography-encryption
Policy Enforcement
- The Security Team is responsible for enforcing this policy. Non-compliance with this policy can result in disciplinary action, up to and including termination of employment.
- Employees are required to participate in security awareness and training programs to understand their responsibilities under this policy.
Review and Revision
- This policy will be reviewed annually or in response to significant changes to the technology landscape, organizational structure, or compliance requirements.
- Any amendments to this policy will be documented and communicated to all affected parties.
Approval and Implementation
This policy is approved by the leadership and is effective immediately. All existing and new data storage and processing practices must conform to this policy without exception. Any changes to this policy shall me communicated in due time.
Related Articles
Information Security Policy for ZenduIT
Purpose This Information Security Policy outlines the methods and responsibilities to safeguard data within our application ecosystem. Ensuring the confidentiality, integrity, and availability of data is fundamental to maintaining trust and ...
ZenduIoT Admin Portal User Guide - Zenduit
ZenduIoT Admin Portal User Guide By Zenduit Table of Contents Introduction 3 Getting started 3 Setup Stages 3 Resellers Module 4 Adding a Reseller 5 Reseller > Account Details 5 Reseller > White Labelling 6 Reseller > Customer Management 6 Reseller > ...
ZenduiT - Customer Service Level Agreement (SLA)
Service Level Agreement (SLA) Guide for ZenduIT Support ZenduIT is committed to providing timely and efficient support to ensure smooth operations for our customers. ZenduiT promises to uphold for its customers to provide excellent support and ...
Zenduit Trax Portal Whitelabelling
We provide Whitelabelling solution to Trax plaform. Please provide logo dimensions of 400x400 pixel max dimensions. Email support@zenduit.com with your logo, support email, support phone and billing contact to apply to your reseller account. Please ...
Trax Reseller Basic Troubleshooting Steps
As a Zenduit Reseller you are expected to provide first level of support to your customer. By ensuring the following items are checked prior to opening a ticket with Zenduit Support. Maybe you can make a little video or gif about how to identify a ...