Data-loss-prevention (DLP)
The security of your data is of utmost importance to us. We have a comprehensive set of organisational and technical controls to make sure your data is stored and handled securely according to industry best practices.
Organisational controls
- Polonious is ISO 27001 and ISO 9001 certified and has established a mature IMS (Information Management System) with policies and procedures covering who may access client data, how client data is accessed, and the acceptable use and handling of sensitive client data.
- Polonious IMS system managers run regular IMS awareness training and internal audits to make sure employees follow those policies and procedures.
- All Polonious staff are vetted (including police checks) as part of the onboarding process.
- Access to servers and services containing client data is restricted to a minimal number of staff (usually three Polonious technical staff, enough to keep exposure low while still providing 100% support coverage during sickness and vacation).
Technical controls
- All AWS resources holding client data are classified and tagged using AWS resource tags
- All client data is encrypted in transit and at rest using best-practice encryption methods and standards. This includes encryption of EC2/EBS (application server disks), RDS (database) and S3 (uploaded documents).
- Encryption keys are securely managed via AWS KMS
- Every Knox-grade Polonious client environment is hosted in its own VPC on AWS with strict security groups configured
- Access to a Knox-grade Polonious client environment is secured via a dedicated VPN
- Access to the AWS console is restricted via IAM (managed policies and roles), and MFA login is required to gain access to the AWS console
- All AWS console and API actions are logged in CloudTrail / CloudWatch and forwarded to an external SIEM provider for analysis and automated alerting
- All actions at the operating-system level are captured by a SIEM agent and forwarded to an external SIEM provider for analysis and automated alerting
- SIEM alerts are sent to multiple Polonious staff, including the ISO system manager, who is not involved in the technical support processes, so that alerts are always reviewed by someone other than the administrators whose actions could have triggered them
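As an added illustration (not Polonious's own code or SIEM configuration), the following is the kind of detection rule an external SIEM would run over the CloudTrail feed described above: it flags console sign-ins that did not use MFA, root-user sign-ins, failed sign-ins, and successful calls to APIs that would weaken the controls listed (stopping a trail, disabling a KMS key, opening a security group). The event records are constructed samples laid out in CloudTrail's documented field names (`eventName`, `userIdentity`, `responseElements.ConsoleLogin`, `additionalEventData.MFAUsed`, `errorCode`); the account ID, user names, timestamps and IP addresses are placeholders.

```python
"""Constructed CloudTrail-style events and the detection rules run over them."""
from typing import Dict, Iterable, List

# Successful calls to these APIs weaken the controls described above
# (trail logging, KMS keys, VPC security groups) and always merit an alert.
SENSITIVE_ACTIONS = {
    "StopLogging", "DeleteTrail", "UpdateTrail",              # CloudTrail
    "DisableKey", "ScheduleKeyDeletion",                     # KMS
    "AuthorizeSecurityGroupIngress", "DeleteSecurityGroup",  # security groups
}

# Constructed sample records (hypothetical account, users and addresses).
SAMPLE_EVENTS: List[Dict] = [
    {"eventTime": "2024-03-01T08:00:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-03-01T08:05:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-03-01T08:10:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-03-01T08:15:00Z", "eventName": "ConsoleLogin",
     "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2024-03-01T08:20:00Z", "eventName": "StopLogging",
     "eventSource": "cloudtrail.amazonaws.com", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-03-01T08:25:00Z", "eventName": "DisableKey",
     "eventSource": "kms.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "errorCode": "AccessDenied"},            # rejected call, not an alert here
    {"eventTime": "2024-03-01T08:30:00Z", "eventName": "DescribeInstances",
     "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]


def principal(event: Dict) -> str:
    """Human-readable actor: IAM user name, else ARN, else identity type."""
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def evaluate_event(event: Dict) -> List[str]:
    """Return the alert names one event triggers; an empty list means benign."""
    alerts: List[str] = []
    name = event.get("eventName")
    if name == "ConsoleLogin":
        outcome = event.get("responseElements", {}).get("ConsoleLogin")
        mfa_used = event.get("additionalEventData", {}).get("MFAUsed")
        if outcome != "Success":
            alerts.append("console_login_failure")
        elif mfa_used != "Yes":          # a missing field is treated as no MFA
            alerts.append("console_login_without_mfa")
        if event.get("userIdentity", {}).get("type") == "Root":
            alerts.append("root_console_login")
    elif name in SENSITIVE_ACTIONS and "errorCode" not in event:
        # CloudTrail sets errorCode only when the API call was rejected
        alerts.append("sensitive_action:" + name)
    return alerts


def scan(events: Iterable[Dict]) -> List[Dict]:
    """Run the rules over a batch of events and return SIEM-style findings."""
    return [
        {"alert": alert, "principal": principal(ev),
         "source_ip": ev.get("sourceIPAddress"), "time": ev.get("eventTime")}
        for ev in events
        for alert in evaluate_event(ev)
    ]


if __name__ == "__main__":
    import json
    print(json.dumps(scan(SAMPLE_EVENTS), indent=2))
```

On the sample batch this produces four findings: bob's sign-in without MFA, the root sign-in, alice's failed sign-in and bob's successful `StopLogging`; the denied `DisableKey` and the read-only `DescribeInstances` are ignored. Two caveats when adapting this to a real feed: console sessions obtained through a federated identity provider report `MFAUsed` as "No" in the `ConsoleLogin` event because MFA happens at the provider, so such rules need to key on the identity type as well; and a denied call to a sensitive API is still worth a lower-severity alert, since it shows someone trying.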