The purpose of this Security Policy is to guarantee that the criteria of information Confidentiality, Integrity and Availability are met, as well as to continue delivering the services offered to our clients should disruptive events occur relating to such.
This policy defines a set of principles applicable to all components and systems involved in the hosting service.
We limit access to personal data by implementing appropriate access controls.
We regularly back-up User Personal Data. Back-ups are encrypted and stored separately.
We have a monitoring and alert system to identify possible issues that could happen in the platform.
We have in place processes to securely remove all personal data before disposing of IT systems (for example, by using appropriate technology to purge equipment of data and/or destroying hard disks).
We use encryption technology where appropriate to protect User Personal Data held electronically.
We will implement appropriate controls to secure User Personal Data during transmission or transit.
Data is always transmitted encrypted from the client to our end, and also from us to different providers.
We will remove unused software and services from devices used to process User Personal Data. Default passwords that are provided by hardware and software producers will not be used.
In order to ensure high security standards NAILTED has undergone cybersecurity audits by https://atalantago.com/.
We encourage a “security culture” both internally, in relation to all staff, and externally, in relation to clients and providers.
We have a team in charge of reviewing and managing alerts and/or notifications regarding security flaws and/or possible bugs.
We perform automated testing before any change is deployed to production. Exceptions and logs are fully anonymised.
By internal policies, in case a security issue happens, those will be immediately prioritized. The access to the production environment and the customer data is protected by 2-factor authentication.
All changes in the code are tested, reviewed and properly logged, we use Github as a SCM.
Deployments are automated and the members of Nailted are not performing any manual task inside the production servers.
This document’s last update: April 2021