Company logo

Security

We understand how much data security and privacy mean to your company. At Poslog, we take data privacy and security very seriously. We constantly improve our security measures, and we'd love to share more details to show you how we take protecting the data you trust us with.

User Access Control

  • Access on a need-to-know basis. Our team members only have access to the information that their job function requires, regardless of their security clearance level or other approvals.
  • Logical access restriction. Our team members have restrictive access to data based on identification, authentication, and authorization systems.
  • Multi-factor authentication. We use a multi-step account login process to require employees to enter more information than just a password for authentication.
  • Prohibition of shared accounts. Our team members have unique accounts to log into systems and apps and we avoid sharing passwords.
  • Regular access review. We conduct periodic reviews on who has access privileges to digital assets in the organization.
  • SSO authentication. Our team members can log in once and access services without re-entering authentication factors to reduce risk for access to 3rd-party sites.
  • Strong password policy. We have strong guidelines for password management to ensure that all passwords used within the organization are secure and resistant to common attacks.

Software Protection Measures

  • Antivirus on devices. We equip all devices with antivirus software or applications.
  • Software security updates. We have security updates on all software.

System and Network Protection

  • Firewall on internet traffic. We have firewall monitors and filters for our incoming and outgoing internet traffic.
  • Remote access authorization process. Only authorized persons have the ability to access a computer or network from a geographical distance through a network connection.
  • Virtual private cloud. We use an isolated and secure private cloud to store our data and execute code.

Data Backup Measures

  • Backup encryption. We encrypt our data before back-up to protect it from unauthorized access and breaches.
  • Frequent data backup. We back up our data by copying it from a primary to a secondary location on a regular basis.

Data Encryption

  • AES Encryption At Rest. We require the same encryption key from both the sender and the receiver of data to read the data.
  • HTTPS encryption in transit. We use HTTPS to encrypt information transmitted between our user's browser and our web service/website.
  • TLS 1.2 or 1.3 used in transit. Any data transferred over the network is protected by TLS encryption.

Control of Processors

  • Security Assessment Process. Our processors and service providers are assessed based on their security policy and data protection measures.
  • Security clauses and contractual obligations. Our processors and service providers mention data protection obligations and security clauses in their service agreements with us.

Physical Security

  • Device Encryption. We encrypt our devices that store business and personal data so they can only be accessed by people who have authorization.
  • Physical access control. Our team members' access to physical locations is restricted with password protected doors, keys or badges.
  • Secured paper archiving. Archived paper documents are stored in secured facilities and can only be accessed by a limited number of employees.

Secured Developments

  • Privacy by design and by default. All our activities involving personal data prioritize privacy, and by default, only collect essential information.
Powered by