This Cloud Security Policy (“Security Policy”) is incorporated into the Services Agreement and forms part of the written agreement between you and Edsembli. The Security Policy defines the security policies and measures that apply to the Hosted Services that you subscribed for in the Services Agreement. The Security Policy may reference other Edsembli agreements or policy documents.
Terms not otherwise defined herein shall have the meaning ascribed to such term in the General Terms and Conditions applicable to your Order.
1.1. Purpose. Edsembli’s security controls, practices and procedures are designed to protect the confidentiality, integrity, and availability of Customer Data within the Hosted Services environment. This includes the protection of Customer Data from any loss, destruction or unauthorized processing activities.
1.2. Codes and Standards. Hosted Services are compliant with the following recognized codes and standards:
1.3. Applicability. This Security Policy is applicable to your use of the Hosted Services. Edsembli personnel (including employees, contractors, and temporary employees) are subject to internal Edsembli information security controls, practices, procedures and any additional policies that govern their employment or services they provide to Edsembli.
1.4. Approach. The Security Policy is part of a comprehensive approach to data and information security that encompasses complementary network, operating system, database, and software security controls, practices and procedures for the purpose of establishing a foundation of strong internal controls, governance, and oversight.
1.5. Your Responsibilities. You are responsible for maintaining appropriate security, protection, and backup of Customer Data, which may include the use of encryption technology to protect Customer Data from unauthorized access and routine archiving.
1.6. Maintenance of Security Policies. Edsembli evaluates its security controls, practices and procedures on a continual basis and will update the Security Policy as required.
2.1. Internal and External Measures. Physical security measures applicable to Edsembli controlled locations and third-party data centres utilized by Edsembli may include:
2.2. Edsembli Controlled Locations. Edsembli employs measures designed to prevent unauthorized persons from gaining access to computing facilities within Edsembli office locations. These measures may include the use of:
2.3. Third Party Data Centres. Edsembli ensures that any third-party data centres that it utilizes employ physical safeguards such as:
2.4. Your Locations. The Security Policy does not apply to your locations. You are responsible for the security of your own facilities and network connections used to access the Hosted Services.
The following system access controls may be utilized as part of Edsembli’s security controls, practices and procedures:
For service components managed by Edsembli, Edsembli’s access to Customer Data is restricted to authorized staff.
Your access to Hosted Services is through a secure communication protocol provided by Edsembli. If access is through a Transport Layer Security (TLS) enabled connection, that connection is negotiated for at least 128-bit encryption. The private key used to generate the cipher key is at least 2048 bits. TLS is implemented or configurable for all web-based TLS-certified applications deployed at Edsembli. It is recommended that the latest available browsers certified for Edsembli programs, which are compatible with higher cipher strengths and have improved security, be utilized for connecting to web-enabled programs. The list of certified browsers for each version of Hosted Services will be made available via a portal accessible to you or in the corresponding Service Description for the Hosted Services. In some cases, a third-party site that you wish to integrate with the Hosted Services, such as a social media service, may not accept an encrypted connection. For Hosted Services where HTTP connections with the third-party site are permitted by Edsembli, Edsembli will enable such HTTP connections in addition to the HTTPS connection.
The collection and storage of Customer Data is under your control and responsibility. You are also responsible for the transfer of Customer Data into the Hosted Services environment.
Customer Data is logically or physically segregated from the content of other customers processed within the Hosted Services environment.
All Edsembli personnel that have access to Customer Data are subject to confidentiality agreements and are required to complete information-protection awareness training. Thereafter, all Edsembli personnel that have access to Customer Data are required to act in accordance with applicable Edsembli security and privacy controls, policies and procedures.
Edsembli employs internal processes for regularly testing, assessing, evaluating and maintaining the effectiveness of the technical and organizational security measures described in the Security Policy.
Edsembli may conduct independent audits of the Hosted Services environment in the following areas:
Security Logs are generated for security-relevant activities on operating systems. Edsembli systems are configured to log default security activities, access to information or programs, system events such as alerts, console messages, and system errors. Edsembli reviews the Security Logs for forensic purposes and incidents. The Security Logs are retained online for a minimum of ninety (90) days, or as otherwise required by an applicable regulatory framework.
You are responsible for: