To outline Linkfire’s information security structure.
- Linkfire employs full-time dedicated Personnel responsible for information security.
- The information security function reports directly to the Linkfire senior leadership team.
- Linkfire has a comprehensive set of information security policies, approved by senior management and disseminated to all Personnel.
- All Linkfire Personnel have signed legally reviewed confidentiality agreements.
- All Linkfire Personnel are given training in information security.
- Linkfire has a central, secure repository of product source code, which is accessible only to authorized Personnel.
- Linkfire has a formal application security program and employs a robust Secure Development Lifecycle (SDL).
- All changes to software on the Linkfire Service are via a controlled, approved release mechanism within a formal change control program.
o protect the physical assets that contain Customer Data.
- The Linkfire Service operates from certified third-party production cloud providers with a defined and protected physical perimeter, strong physical controls including access control mechanisms, controlled delivery and loading areas, surveillance, and security guards.
- Each Data Center is audited for compliance with Linkfire security controls.
- Each cloud provider has a zero-access policy towards physical access to facilities.
- Power and telecommunications cabling carrying Customer Data or supporting information services at the production cloud providers are protected from interception, interference, and damage.
- The production data centers and their equipment are physically protected against natural disasters, unauthorized entry, malicious attacks, and accidents.
- Equipment at the production data center is protected from power failures and other disruptions caused by failures in supporting utilities and is appropriately maintained.
Linkfire has established a password policy that prohibits the sharing of passwords and requires passwords to be changed on a regular basis and default passwords to be altered. All passwords must fulfill defined minimum complexity requirements and are stored in encrypted form.
Access to systems containing Customer Data is only possible through a secure office network or VPN tunnel.
Linkfire has a comprehensive process to deactivate users and their access when Personnel leaves the company or a function.
All access or attempted access to systems is logged and monitored.
To ensure Customer Data remains confidential throughout the processing and remains intact, complete and current while protecting from accidental destruction or loss.
- Customer access to the Linkfire Service portals is protected by the most current version of Transport Layer Security (TLS).
- Linkfire uses Strong Encryption in the transmission of Customer Data within our production data centers.
- Linkfire uses proactive security measures that identify at-risk data and implement effective data protection for data in transit and at rest.
- Data at rest is encrypted with industry-standard AES-256
- Linkfire uses a high level of redundancy when storing Customer Data. Customer Data is stored across 2 geographically separate data centers using multiple separate cross connections.
- Linkfire maintains a robust Business Continuity/Disaster Recovery program including:
- Well defined updated plans.
- Regular Testing and retrospectives.
- Linkfire employes Network Level and host-based firewalls to block unauthorized system access.
- Networks are continuously scanned to immediately detect any potential misconfiguration with our infrastructure.
- All infrastructure is built to be replaced or rebuilt at a moments notice with 0 data loss.
- Operating systems are patched and managed and tested strictly through configuration management systems.
In the event of any security breach of Customer Data, the effect of the breach is minimized and the Customer is promptly informed.
- Linkfire maintains an up-to-date incident response plan that includes responsibilities, how information security events are assessed and classified as incidents and response plans and procedures.
- Linkfire regularly tests its incident response plan with “table-top” exercises and learns from tests and potential incidents to improve the plan.
- In the event of a security breach, Linkfire will notify Customers without undue delay after becoming aware of the security breach.
To ensure Linkfire regularly test, assess, and evaluates the effectiveness of the technical and organizational measures outlined above.
- Linkfire conducts regular audits of its security policies and practices.
- Linkfire ensures that Personnel is aware of and comply with the technical and organizational measures set forth in the Information Security Policy.