Data Classification Process
We organize all our data by relevant categories, so they may be used and protected more efficiently. It also makes data easier to locate and retrieve. Data classification is of particular importance when it comes to risk management, compliance, and data security. The procedure for classifying all data is documented in high-level documents.
Need to Know Basis Principle
Regardless of their security clearance level or other approvals, all our staff have access only to the information required by their job functions. Anyone who wants to gain more authority or a higher level of access must receive approval from Corporate Security.
Business Continuity and Disaster Recovery Plan
We use Business Continuity and Disaster Recovery procedures to minimize the effects of outages and disruptions on business operations and to enable our company to get back on its feet after issues occur. With their help, we reduce the risk of data loss and reputational harm, and improve operations while decreasing the chance of emergencies. This procedure is documented, and we resort to it only in case of serious incidents.
Risk Assessment Process
The main purpose of risk assessment for us is to help our Corporate Security and Technology Departments identify any event that could negatively affect our organization generally and each department in particular. Based on the ISO/IEC 27001:2013 standard requirements, we conduct an annual risk assessment of all departments. This helps us be sure that every department's operations are safe and secure and cannot become sources of leaks and breaches.
Incident Response Plan
We have an Incident Response Team that responds to each incident in a timely and continuous manner and monitors the incidents that have already occurred. Incidents can be detected by our IPS/IDS and DLP systems, or personally by management at the time of the incident's occurrence. Each incident goes through a life cycle, from identification to closure and countermeasures. Each incident is documented, which helps us track its current status and take measures to keep it from recurring.
Staff Verification and Onboarding Process
When a person passes all interview stages and gets a job offer, they move to the onboarding stage. We review each potential candidate's history to confirm their professional background and the work experience required for the position. A background check is also part of the verification process. With its help, we find out if a person has had issues with the law or has a criminal record, which is very important for working with highly secured projects.
Security Awareness and Training Process
All members of the SupportYourApp team receive appropriate security awareness education, training, and regular updates on organizational policies and procedures, as relevant for their job functions. Our awareness program includes training for staff of all positions in different formats (presentations, videos, etc.), verification of the learned material, phishing simulations that imitate scam, spam, and fraud attempts, and regular awareness mailings. Each team member has their own risk score and dashboard so that they can be monitored by Corporate Security.