Security
Security Statement Regarding Client Info
Overview
We have highlighted key details about our security practices below:
Effective Date: 1/1/22
At AliasNow.com, we are committed to safeguarding the security, privacy, and integrity of the information entrusted to us. This policy outlines our approach to information security and privacy, detailing the measures we implement to protect data, systems, and operations in alignment with industry standards, applicable laws, and best practices. By using our services, you agree to the terms outlined below.
Information Classification and Protection
Information at AliasNow.com is classified based on its sensitivity:
- Public: Freely available to the public.
- Internal: Intended for employees and authorized stakeholders.
- Confidential: Sensitive business, client, or personal data requiring heightened protection.
- Restricted: Highly sensitive information, such as financial data, with the strictest access controls.
To protect information in each class, we employ encryption, access controls, and monitoring to prevent unauthorized access, modification, or disclosure.
Security in Human Resources
Security is integrated into our human resource processes:
- Pre-employment Screening: Background checks and confidentiality agreements are required for all prospective employees.
- Security Training: Employees receive regular training on data protection and incident response.
- Termination Procedures: Access rights are promptly revoked upon termination.
Physical Security Requirements
Our physical security measures protect data centers and offices:
- Access Control: Entry to data centers and offices is restricted to authorized personnel.
- Monitoring: Security cameras and monitoring tools track access to secure locations.
- Visitor Management: Visitors must be logged and escorted in secure areas.
Acceptable Use of Information and IT Devices
Users are expected to use information and IT devices responsibly:
- Prohibited Activities: Unauthorized access and illegal use of data are strictly forbidden.
- Monitoring: All IT assets are subject to monitoring for compliance with security policies.
Access Control
Access to information is based on the principle of least privilege:
- Role-Based Access: Users are granted access only to the information necessary for their role.
- Multi-Factor Authentication (MFA): MFA is required for sensitive system access.
- Regular Audits: Access permissions are regularly reviewed for compliance.
Password Policy
Strong password practices are required to protect our systems:
- Complexity Requirements: Passwords must be at least 12 characters long, with a combination of letters, numbers, and symbols.
- Rotation: Passwords must be changed every 90 days.
- Storage: Passwords are securely stored using cryptographic hash functions.
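The following is an added example, not code from AliasNow.com, showing how the three password requirements above (12-character minimum with letters, numbers and symbols; 90-day rotation; hashed storage) can be enforced in Python with only the standard library. The choice of scrypt, its cost parameters (n=2**14, r=8, p=1), the 16-byte random salt and the "$"-separated storage string are assumptions of this example; the statement above does not name a hash function or parameters.

```python
import hashlib
import hmac
import os
import string
from datetime import date

# Policy values taken from the password policy above.
MIN_LENGTH = 12
ROTATION_DAYS = 90

# Assumed scrypt cost parameters (not stated on the page). n=2**14, r=8, p=1
# uses about 16 MiB per hash, a common baseline for interactive logins.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2**14, 8, 1, 32


def meets_complexity(password: str) -> bool:
    """True if the password is at least 12 characters and mixes
    letters, digits and symbols (string.punctuation)."""
    if len(password) < MIN_LENGTH:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return has_letter and has_digit and has_symbol


def rotation_due(last_changed: date, today: date) -> bool:
    """True once a password is 90 or more days old."""
    return (today - last_changed).days >= ROTATION_DAYS


def hash_password(password: str) -> str:
    """Derive a salted scrypt digest and encode it with its parameters so
    the verifier can re-derive it even after the defaults change."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and parameters and
    compare in constant time. Malformed records never verify."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


def enroll(password: str) -> str:
    """Apply the complexity rule before storing; reject weak passwords
    rather than hashing them."""
    if not meets_complexity(password):
        raise ValueError("password does not meet complexity requirements")
    return hash_password(password)


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    record = enroll("Tr0ub4dor&3xyz")
    print(record)
    print("login ok:", verify_password("Tr0ub4dor&3xyz", record))
    print("wrong pw:", verify_password("Tr0ub4dor&3xyZ", record))
    print("rotation due:", rotation_due(date(2022, 1, 1), date(2022, 4, 1)))
```

The stored string carries the scheme, cost parameters and salt alongside the digest, so parameters can be raised later without invalidating existing records, and comparison goes through hmac.compare_digest so a mismatch does not leak how many bytes matched.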
Authorized and Unauthorized Use and Disclosure of Data
Clear guidelines define the authorized use and disclosure of data:
- Authorized Use: Data may only be used for legitimate business purposes.
- Unauthorized Use: Sharing or accessing data without authorization is prohibited.
- Data Sharing: Personal data is shared with third parties only when required by law or with explicit user consent.
Software Development
We integrate security into our software development processes:
- Secure Coding Practices: Our developers follow secure coding standards to minimize vulnerabilities.
- Code Review: Code is reviewed for security risks before deployment.
- Vulnerability Testing: Regular testing and vulnerability assessments are conducted.
Cryptography
We use cryptographic controls to protect data confidentiality and integrity:
- Encryption: Sensitive data is encrypted both in transit and at rest using industry-standard algorithms.
- Key Management: Encryption keys are securely managed and rotated regularly.
Incident Management and Response
Defined procedures ensure timely response to security and privacy incidents:
- Incident Detection: Continuous monitoring detects and reports potential incidents.
- Incident Response Team: A dedicated team investigates and addresses incidents.
- Notification Procedures: Affected parties are notified in accordance with applicable laws in case of a significant breach.
Compliance with Laws and Regulations
We comply with all relevant data protection and privacy laws:
- GDPR, CCPA, HIPAA: We adhere to key privacy regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA).
- Legal Requests: Personal data is disclosed only in response to valid legal requests, and affected parties are notified when permissible.
Retention and Destruction of Data
Strict guidelines govern data retention and destruction:
- Retention Periods: Data is retained only as long as necessary to fulfill its purpose or to comply with legal obligations.
- Data Destruction: When no longer needed, data is securely destroyed using appropriate techniques to prevent recovery.
Business Continuity and Disaster Recovery
Our Business Continuity and Disaster Recovery (BCDR) plans ensure operational resilience:
- Recovery Objectives: Defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) set the maximum acceptable downtime and data loss in case of a disruption.
- Backup Systems: Regular backups of critical data are maintained to ensure swift recovery.
- Testing: BCDR plans are tested annually to ensure their effectiveness.