At Ambassify we have appropriate TOMs in place which will help us to prevent data breaches and ensures compliance with the principle of data protection by design.
Technical measures
Measures | Description |
Cybersecurity | Firewalls, Pathing and keeping system and software up to date |
Encryption and pseudonymisation | All data gets encrypted both in transit and in rest. Data gets pseudonymized where possible. |
Physical security | All office spaces are physically secured using locks, alarms, CCTV and access logs. |
Appropriate disposal | Disposal of devices that contain data should be done according to our policies |
Logging and monitoring | All system, access, performance logs are centralized and backup to a tamper proof storage |
Passwords | Strong unique passwords are required for every login and 2FA is enabled where possible. We also require all employees to work with a password manager. |
Access rights | We grant access on a need-to-know basis |
Backup Policy | Read Policy |
Data Protection Policy | Read Policy |
Data Destruction Policy | Read Policy |
Organisational measures
Measures | Description |
Awareness & Training | At Ambassify we stimulate a culture of security and data protection awareness that ensures that employees know the legal requirements and what is expected of them. Security and data protection is not a one-man-show, every employee has a role to play. Regular and ongoing training as well as raising awareness activities are an effective measure that we have in place at Ambassify. |
Review & audit | We have controls and audits in place to evaludate the effectiveness of our policies and measures. Improvements are made were possible. |
Due diligence | We do a thorough due diligence on all processors before we commit. |
Well defined roles | Roles and responsibilities related to security and privacy are formalized and documented |
Breach Policy | Read Policy |
Data Retention Policy | Read Policy |
Disaster Recovery Policy | Read Policy |
Incident Response Policy | Read Policy |
Information Classification Policy | Read Policy |
Information Security Policy | Read Policy |
Record Retention and Destruction Policy | Read Policy |
System Access Policy | Read Policy |