Information Security Policy 

At Method13, protecting the confidentiality, integrity, and availability of our customers’ data is a top priority. We maintain a comprehensive security program designed to safeguard information assets and ensure compliance with industry standards, including the Payment Card Industry Data Security Standard (PCI DSS).

Our Security Commitments

1. Data Protection

  • We use strong encryption to protect data in transit and at rest.

  • Access to customer data is limited to authorized personnel on a need-to-know basis.

  • Sensitive information, including payment card data, is never stored beyond what is contractually and legally required.

2. Vulnerability & Patch Management

  • Systems are regularly scanned for vulnerabilities.

  • Security patches and updates are applied promptly based on severity, with critical issues addressed as soon as reasonably possible.

  • We follow documented vulnerability remediation and change management policies.

3. Incident Response

  • We maintain a formal incident response plan in alignment with PCI DSS.

  • In the event of a confirmed data breach, we will notify affected customers and stakeholders promptly and transparently, consistent with regulatory and contractual requirements.

4. Access Controls & Monitoring

  • Multi-factor authentication and strong password policies are enforced across systems.

  • Administrative access is restricted, logged, and monitored.

  • Continuous monitoring tools are in place to detect and respond to potential threats.

5. Business Continuity & Disaster Recovery

  • We maintain backup and recovery processes to minimize disruption in the event of a disaster.

  • Customer data backups are retained for no longer than 30 days.

  • Our continuity plans are reviewed and tested regularly.

6. Employee Awareness & Training

  • All employees receive ongoing security training, including PCI DSS awareness.

  • Policies are enforced through technical controls and disciplinary measures when necessary.

7. Compliance & Oversight

  • Method13 adheres to applicable legal, regulatory, and contractual requirements for information security.

  • We review our security program annually and update policies as needed to address emerging threats.

Customer Responsibilities

Security is a shared responsibility. Customers are expected to:

  • Use strong authentication for their accounts.

  • Safeguard access credentials and promptly report suspected compromise.

  • Comply with Method13’s Acceptable Use Policy when using our services.

Commitment to Trust

We recognize that our customers place significant trust in us to safeguard their systems and data. Method13 is committed to maintaining a robust, transparent, and continuously improving security posture to protect that trust.

 
