Synk.to is committed to the protection and proper use of customer data. Our platform is designed to ensure the privacy and security of its end users. As a company committed to the security of our clients' data, we implement and maintain the following physical, administrative and technical controls to safeguard data while in transit and at rest.
1.1 Synk.to maintains and enforces a risk-based security program and framework that addresses how we manage security. Synk.to’s security framework is based on the ISO 27001 Information Security Management System and includes the following areas: Policies and Procedures, Asset Management, Access Management, Cryptography, Physical Security, Operations Security, Communications Security, Business Continuity Disaster Recovery Security, People Security, Product Security, Cloud and Network Infrastructure Security, Security Compliance, Third-Party Security, Vulnerability Management, and Security Monitoring and Incident Response.
1.2 Our security program includes:
2.1 Synk.to utilizes an integrated risk management approach with a focus on both technical and operational security practices. Ongoing and systematic risk assessment is a consistent part of selecting appropriate improvements and protection controls and ensuring that Personal Data is safe.
2.2 Synk.to takes reasonable actions to identify assets and their level of criticality. The full inventory and categorization are the basis for selecting and implementing optimal technical and organizational security measures to make sure that the assets and information are protected.
3.1 Synk.to’s personnel (employees and contractors) do not process Personal Data without authorization. Personnel are obligated to maintain the confidentiality of any Personal Data, and this obligation continues even after their engagement ends.
3.2 Synk.to’s personnel (employees and contractors) acknowledge their data security and privacy responsibilities under Synk.to’s policies.
3.3 Synk.to is focused on employee security awareness as a key driver to improve overall security maturity level and culture. Synk.to’s personnel (employees and contractors) complete security and privacy training at least annually.
4.1 Synk.to manages access based on “Need to know” and “Least privilege” principles. That means that personnel are only permitted to have access to customer data when needed for the performance of their functions.
4.2 Synk.to deactivates the authentication credentials of personnel immediately upon the termination of their employment or services.
4.3 In order to access the production environment and critical systems, a user must have a unique username and password and multi-factor authentication enabled.
4.4 Synk.to implements measures to prevent information systems from being used by unauthorized persons, including the following measures: (a) user identification and authentication procedures; (b) unique username/password; (c) password complexity policies (special characters, minimum length, change of password); (d) automatic blocking (e.g., password or timeout).
4.5 Synk.to performs access monitoring and logging for the production environment and critical systems.
5.1 Synk.to has implemented and will maintain appropriate technical and application security measures, internal controls, and information security routines intended to protect Personal Data against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows:
6.1 Synk.to may use third-party providers to provide the Services. In selecting third-party providers who may gain access to, store, transmit or use Personal Data, Synk.to conducts a quality and security assessment pursuant to the provisions of its standard operating procedures.
6.2 Synk.to enters into written agreements with all of its providers which include confidentiality, privacy, and security obligations that provide an appropriate level of protection for Personal Data that these providers may Process.
7.1 Synk.to uses AWS data centers to host its production infrastructure. AWS data centers are strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Each data center has redundant electrical power systems that are available twenty-four (24) hours a day, seven (7) days a week.
7.2 Synk.to reviews third-party audit reports to verify that Synk.to’s service providers maintain appropriate physical access controls for the managed data centers.
8.1 Synk.to implements measures to ensure the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident, including:
9.1 Synk.to implements security incident management policies and procedures that address how we manage Data Breaches and other security incidents.
9.2 In case of a Data Breach, Synk.to will promptly investigate the incident upon discovery. To the extent permitted by applicable law, Synk.to will notify Customer of a Data Breach. Data Breach incident notifications will be provided to Customers via email or in another way agreed with Customer.