Cybersecurity Statement

DigitAll360 prioritizes robust information security management to protect our clients’ data, internal assets, and valuable intellectual property. We leverage industry-recognized frameworks to establish, manage, and continuously advance our security posture.

Our Approach:

  • ISO 27001: We implement an Information Security Management System (ISMS) based on ISO 27001 principles. This encompasses:
    • Systematic risk assessment and treatment
    • Documented security policies and procedures
    • Clearly defined roles and responsibilities for information security
    • Ongoing auditing and process improvement
  • SOC 2: As part of our commitment to security, availability, processing integrity, confidentiality, and/or privacy, we are scheduled for SOC 2 certification in early 2025. This will provide independent verification of our controls and processes.

Specific Measures:

  • Security Basics

  1. Strong Passwords & Multi-Factor Authentication (MFA): We enforce complex passwords and require MFA for access to critical systems and accounts.
  2. Antivirus/Antimalware Software: A reputable solution is deployed on all endpoints (computers, laptops, servers) to detect and prevent common malware infections.
  3. Software Updates: We regularly review available updates to close vulnerabilities and keep operating systems, applications, and firmware up to date with the latest security patches.
  4. Firewalls: We have implemented leading industry firewalls to control network traffic and block suspicious inbound and outbound connections.

  • Data Protection

  1. Encryption: Sensitive data is encrypted both when stored (at rest) and when sent over the internet (in transit), using AES-256 and TLS.
  2. Backups: Critical data is backed up to an offsite or cloud location every 6 hours, and full backups are performed daily during low-usage periods. The ability to restore data is tested weekly to ensure recoverability.
  3. Access Controls: We enforce the principle of least privilege: employees are granted only the access necessary to perform their jobs, and permissions are reviewed regularly.

  • Employee Education

  1. Security Awareness Training: We conduct regular training sessions to educate staff on recognizing phishing attacks and social engineering scams, and on handling sensitive data.
  2. Phishing Simulations: We test our employees’ awareness with realistic phishing simulations quarterly, which help us identify those who need extra training.

  • Incident Response Planning

  1. Response Plan: We follow the guidelines and recommendations of ISO/IEC 27035-2:2016; the notification timeframe is 2-4 hours, depending on the severity of the event. All notifications to the client are via encrypted Voltage SecureMail only.
  2. Plan Testing: We run tabletop exercises to simulate different breach scenarios, ensuring our team understands the process.

  • Specialized Considerations

  1. Cloud Security: We use Cloudflare network and application security and performance services, combined with the Google Data cloud service.

We recognize that cybersecurity is an ongoing, collaborative effort. We work closely with our clients, partners, and security experts to maintain a robust security posture adaptable to evolving threats and client requirements.

Contact:

Luis Vale
VP of Digital Solutions
Luis.Vale@DigitAll360.com
Tel: +43 12 264 462