At Ambassify we have appropriate TOMs in place which will help us to prevent data breaches and ensures compliance with the principle of data protection by design.

Technical measures

Measures Description
Cybersecurity Firewalls, Pathing and keeping system and software up to date
Encryption and pseudonymisation All data gets encrypted both in transit and in rest. Data gets pseudonymized where possible.
Physical security All office spaces are physically secured using locks, alarms, CCTV and access logs.
Appropriate disposal Disposal of devices that contain data should be done according to our policies
Logging and monitoring All system, access, performance logs are centralized and backup to a tamper proof storage
Passwords Strong unique passwords are required for every login and 2FA is enabled where possible. We also require all employees to work with a password manager.
Access rights We grant access on a need-to-know basis
Backup Policy Read Policy
Data Protection Policy Read Policy
Data Destruction Policy Read Policy

Organisational measures

Measures Description
Awareness & Training At Ambassify we stimulate a culture of security and data protection awareness that ensures that employees know the legal requirements and what is expected of them. Security and data protection is not a one-man-show, every employee has a role to play. Regular and ongoing training as well as raising awareness activities are an effective measure that we have in place at Ambassify.
Review & audit We have controls and audits in place to evaludate the effectiveness of our policies and measures. Improvements are made were possible.
Due diligence We do a thorough due diligence on all processors before we commit.
Well defined roles Roles and responsibilities related to security and privacy are formalized and documented
Breach Policy Read Policy
Data Retention Policy Read Policy
Disaster Recovery Policy Read Policy
Incident Response Policy Read Policy
Information Classification Policy Read Policy
Information Security Policy Read Policy
Record Retention and Destruction Policy Read Policy
System Access Policy Read Policy