At Ambassify we have appropriate TOMs in place which will help us to prevent data breaches and ensures compliance with the principle of data protection by design.
Technical measures
| Measures | Description |
| Cybersecurity | Firewalls, Pathing and keeping system and software up to date |
| Encryption and pseudonymisation | All data gets encrypted both in transit and in rest. Data gets pseudonymized where possible. |
| Physical security | All office spaces are physically secured using locks, alarms, CCTV and access logs. |
| Appropriate disposal | Disposal of devices that contain data should be done according to our policies |
| Logging and monitoring | All system, access, performance logs are centralized and backup to a tamper proof storage |
| Passwords | Strong unique passwords are required for every login and 2FA is enabled where possible. We also require all employees to work with a password manager. |
| Access rights | We grant access on a need-to-know basis |
| Backup Policy | Read Policy |
| Data Protection Policy | Read Policy |
| Data Destruction Policy | Read Policy |
Organisational measures
| Measures | Description |
| Awareness & Training | At Ambassify we stimulate a culture of security and data protection awareness that ensures that employees know the legal requirements and what is expected of them. Security and data protection is not a one-man-show, every employee has a role to play. Regular and ongoing training as well as raising awareness activities are an effective measure that we have in place at Ambassify. |
| Review & audit | We have controls and audits in place to evaludate the effectiveness of our policies and measures. Improvements are made were possible. |
| Due diligence | We do a thorough due diligence on all processors before we commit. |
| Well defined roles | Roles and responsibilities related to security and privacy are formalized and documented |
| Breach Policy | Read Policy |
| Data Retention Policy | Read Policy |
| Disaster Recovery Policy | Read Policy |
| Incident Response Policy | Read Policy |
| Information Classification Policy | Read Policy |
| Information Security Policy | Read Policy |
| Record Retention and Destruction Policy | Read Policy |
| System Access Policy | Read Policy |