Security
We understand how much data security and privacy mean to your company. At Looppanel, we take data privacy and security very seriously. We constantly improve our security measures, and we'd love to share more details to show you how we protect the data you trust us with.
User Access Control
- Access on a need-to-know basis. Our team members only have access to the information that their job function requires, regardless of their security clearance level or other approvals.
- Logical access restriction. Our team members have restricted access to data based on identification, authentication, and authorization systems.
- Multi-factor authentication. We use a multi-step account login process to require employees to enter more information than just a password for authentication.
- Prohibition of shared accounts. Our team members have unique accounts to log into systems and apps and we avoid sharing passwords.
- Regular access review. We conduct periodic reviews on who has access privileges to digital assets in the organization.
- Strong password policy. We have strong guidelines for password management to ensure that all passwords used within the organization are secure and resistant to common attacks.
Traceability Measures
- Security event logging. We monitor event logs to identify unauthorized security-related activities.
- System access & attempts log. We maintain a history of all requests and attempts to access the system.
Software Protection Measures
- Antivirus on devices. We equip all devices with antivirus software or applications.
- Antivirus on systems. We equip all systems, such as servers and network devices, with antivirus software or applications.
- Risk assessment program. We have established processes to identify potential security-related risks, evaluate their likelihood and impact, and implement controls to mitigate or manage those risks.
- Software security updates. We have security updates on all software.
System and Network Protection
- Asset Inventory. We have an up-to-date record of all hardware and software within the organization.
- Attack prevention. We've put in place a set of measures to prevent and reduce the risks of cyber attacks.
- Firewall on internet traffic. We have firewall monitors and filters for our incoming and outgoing internet traffic.
- Remote access authorization process. Only authorized persons have the ability to access a computer or network from a geographical distance through a network connection.
- Vulnerability monitoring and patching. We have processes to identify, scan and prioritize vulnerabilities for remediation.
Data Backup Measures
- Backup encryption. We encrypt our data before back-up to protect it from unauthorized access and breaches.
- Disaster recovery plan. We have formal procedures and guidelines to restore critical business functions and IT systems in the event of a disaster.
- Frequent data backup. We back up our data by copying it from a primary to a secondary location on a regular basis.
Data Encryption
- AES Encryption At Rest. We require the same encryption key from both the sender and the receiver of data to read the data.
- HTTPS encryption in transit. We use HTTPS to encrypt information transmitted between our users' browsers and our web service/website.
- TLS 1.2 or 1.3 used in transit. Any data transferred over the network is protected by TLS encryption.
Control of Processors
- Security Assessment Process. Our processors and service providers are assessed based on their security policy and data protection measures.
- Security clauses and contractual obligations. Our processors and service providers mention data protection obligations and security clauses in their service agreements with us.
Physical Security
- Device Encryption. We encrypt our devices that store business and personal data so they can only be accessed by people who have authorization.
Security Governance
- Employee background check. We review every employee's criminal, employment, and/or financial records during our recruitment process.
- Security ownership and roles. Data ownership and security-related roles are clearly defined within our organization.
- Security policies and procedures. We have clearly outlined principles and strategies to maintain our data security.
- Security training. Our team members are trained regarding cybersecurity issues.
Secured Developments
- Code Review and Testing (OWASP). We ensure the quality of our code base with peer code reviews and frequent code testing.
- Malicious code detection. Our organization's systems and networks are monitored to detect malicious code.
- Privacy by design and by default. All our activities involving personal data prioritize privacy, and by default, only collect essential information.
Data Retention and Erasure
- Rights request management process. We've established a process to ensure our users' rights requests are addressed within the required timeframe.
- Secured data erasure. Once we delete our users' data from our systems and apps, it can't be recovered.