Technical and organizational security measures
This document describes the technical and organizational security measures and controls implemented by Linkfire to protect the data our customers entrust to us as part of the Linkfire services.
Organization of Information Security
To outline Linkfire’s information security structure.
- Linkfire employs full-time dedicated Personnel responsible for information security.
- The information security function reports directly to the Linkfire senior leadership team.
- Linkfire has a comprehensive set of information security policies, approved by senior management and disseminated to all Personnel.
- All Linkfire Personnel have signed legally reviewed confidentiality agreements.
- All Linkfire Personnel are given training in information security.
- Linkfire has a central, secure repository of product source code, which is accessible only to authorized Personnel.
- Linkfire has a formal application security program and employs a robust, secure Software Development Lifecycle (SDL).
- All changes to software on the Linkfire Service are via a controlled, approved release mechanism within a formal change control program.
Access: Physical Security
Linkfire uses certified cloud provider data centers to protect the physical assets that contain Customer Data. Physical access is strictly controlled both at the perimeter and at building entrance points by professional security staff using video surveillance, state-of-the-art intrusion detection systems, biometric locks, and other electronic means. Only authorized personnel have access to the data centers.
- The Linkfire Service operates from certified third-party production cloud providers with a defined and protected physical perimeter, strong physical controls including access control mechanisms, controlled delivery and loading areas, surveillance, and security guards.
- Each Data Center is audited for compliance with Linkfire security controls.
- Each cloud provider has a zero-access policy towards physical access to facilities.
- Power and telecommunications cabling carrying Customer Data or supporting information services at the production cloud providers are protected from interception, interference, and damage.
- The production data centers and their equipment are physically protected against natural disasters, unauthorized entry, malicious attacks, and accidents.
- Equipment at the production data center is protected from power failures and other disruptions caused by failures in supporting utilities and is appropriately maintained.
For more information, please contact firstname.lastname@example.org.
Access: System and Data Access
To ensure systems containing Customer Data are used only by approved, authenticated users and that the Customer Data they are authorized to access is accessed securely.
- Access to Linkfire systems is granted only to Linkfire Personnel and/or to permitted employees of Linkfire, and access is strictly limited as required for those persons to fulfill their function.
- All users access Linkfire systems with a unique identifier (UID).
- Linkfire has established a password policy that prohibits the sharing of passwords and requires passwords to be changed on a regular basis and default passwords to be altered. All passwords must fulfill defined minimum complexity requirements and are stored in encrypted form.
- Access to systems containing Customer Data is only possible through a secure office network or VPN tunnel.
- Linkfire has a comprehensive process to deactivate users and their access when Personnel leave the company or a function.
- All access or attempted access to systems is logged and monitored.
- Linkfire restricts Personnel access to Customer Data on a role-based “need-to-know” basis, based on this justification.
- Personnel training covers access rights to and general guidelines on definition and use of Customer Data.
To ensure Customer Data remains confidential throughout processing and remains intact, complete, and current, while protecting it from accidental destruction or loss.
- Customer access to the Linkfire Service portals is protected by the most current version of Transport Layer Security (TLS).
- Linkfire uses Strong Encryption in the transmission of Customer Data within our production data centers.
- Linkfire uses proactive security measures that identify at-risk data and implement effective data protection for data in transit and at rest.
- Data at rest is encrypted with industry-standard AES-256.
- Linkfire uses a high level of redundancy when storing Customer Data. Customer Data is stored across two geographically separate data centers using multiple separate cross connections.
- Linkfire maintains a robust Business Continuity/Disaster Recovery program including:
  - Well-defined and updated plans.
  - Regular testing and retrospectives.
- Linkfire employs Network Level and host-based firewalls to block unauthorized system access.
- Networks are continuously scanned to immediately detect any potential misconfiguration in our infrastructure.
- All infrastructure is built to be replaced or rebuilt at a moment’s notice with 0 data loss.
- Operating systems are patched, managed, and tested strictly through configuration management systems.
In the event of any security breach of Customer Data, the effect of the breach is minimized and the Customer is promptly informed.
- Linkfire maintains an up-to-date incident response plan that includes responsibilities, how information security events are assessed and classified as incidents, and response plans and procedures.
- Linkfire regularly tests its incident response plan with “table-top” exercises and learns from tests and potential incidents to improve the plan.
- In the event of a security breach, Linkfire will notify Customers without undue delay after becoming aware of the security breach.
To ensure Linkfire regularly tests, assesses, and evaluates the effectiveness of the technical and organizational measures outlined above.
- Linkfire conducts regular audits of its security policies and practices.
- Linkfire ensures that Personnel are aware of and comply with the technical and organizational measures set forth in the Information Security Policy.
Any further questions can be sent to email@example.com.