SmiKar’s Commitment to Data Protection and Information Security

At SmiKar Software, the protection of your data is of paramount importance. Our approach to data protection and information security is comprehensive, integrating industry-leading practices and technologies to ensure your data remains confidential, intact, and available at all times. This page provides an in-depth overview of the standards, policies, and measures we have in place to safeguard your data.

SmiKar Data Protection Standard

Ensuring Data Protection and Security: SmiKar’s Standards

1. Data Protection Framework

1.1. Legal Compliance
SmiKar complies with the data protection laws and regulations applicable in the jurisdictions where we operate. We ensure that our data handling processes meet or exceed legal requirements, and we are committed to staying informed and up-to-date with any changes in relevant legislation.

1.2. Contractual Obligations
We provide our customers with a contract that clearly outlines the roles and responsibilities of both SmiKar and our customers in the handling of data. This contract covers key areas such as the scope of data processing, the nature of the data involved, security measures, and procedures for managing data breaches. By signing this contract, we formalise our commitment to protecting customer data according to our stringent standards.

1.3. Data Subject Rights
While our primary focus is on data protection for our customers, we also recognise the importance of respecting the rights of individuals regarding their personal data. We have established processes to facilitate the exercise of these rights, including access to personal data, rectification, erasure, and data portability.

2. Information Security Measures

2.1. Encryption and Data Security

  • Data at Rest: SmiKar uses AES-256 encryption to secure all customer data stored on our systems. This advanced encryption standard is widely recognised for its strength and reliability, ensuring that stored data is protected against unauthorised access.
  • Data in Transit: We employ Transport Layer Security (TLS) to encrypt data as it is transmitted between our systems and external endpoints. This ensures that data is protected from interception and tampering during transmission.

2.2. Access Controls

  • Role-Based Access Control (RBAC): Access to customer data is tightly controlled using RBAC, which ensures that only individuals with the necessary permissions can access sensitive information. We regularly review and update access controls to maintain the principle of least privilege.
  • Multi-Factor Authentication (MFA): To further secure access to our systems, we require MFA for all employees and contractors accessing sensitive data. MFA adds an additional layer of security by requiring users to verify their identity using multiple methods.

2.3. Network Security

  • Firewalls and Intrusion Detection/Prevention Systems (IDPS): Our network is protected by robust firewalls and IDPS that monitor and filter incoming and outgoing traffic. These systems are configured to detect and block malicious activities, ensuring that our network remains secure.
  • Regular Security Audits and Penetration Testing: We conduct regular security audits and penetration tests to identify vulnerabilities and assess the effectiveness of our security measures. These tests are performed by both internal and external security experts to provide a comprehensive evaluation of our systems.

2.4. Data Segmentation and Isolation
SmiKar employs robust data segmentation and isolation techniques to ensure that each customer’s data is kept entirely separate and secure. By segregating data into distinct and isolated environments, we eliminate the risk of cross-contamination between customers, thereby enhancing the overall security of our data storage solutions. This approach guarantees that each customer’s environment operates independently, ensuring maximum protection and privacy for their data.

3. Data Retention and Disposal

3.1. Data Retention Policy
Our data retention policy is designed to ensure that customer data is kept only as long as necessary to fulfil the purposes for which it was collected, in compliance with legal and contractual obligations. We work closely with our customers to define appropriate retention periods and ensure that data is managed accordingly.

3.2. Secure Data Disposal
When data is no longer needed, SmiKar follows industry-standard practices to securely dispose of it. This includes the use of secure deletion methods that prevent unauthorised recovery of data. For physical media, we employ certified data destruction services to ensure that media is rendered unusable.

3.3. Data Anonymisation and Pseudonymisation
In cases where data needs to be retained for analysis or other purposes, we apply anonymisation or pseudonymisation techniques to protect the identity of individuals. This allows us to continue using the data without compromising the privacy and security of personal information.

4. Incident Management and Breach Notification

4.1. Incident Response Plan
SmiKar has developed a comprehensive incident response plan that outlines the steps to be taken in the event of a security incident. Our incident response team is trained to identify, contain, and mitigate incidents quickly, minimising potential damage and restoring normal operations as soon as possible.

4.2. Breach Notification
In the event of a data breach, SmiKar is committed to notifying affected customers promptly. We provide detailed information about the nature of the breach, the data involved, and the steps we are taking to address the issue. Our breach notification process complies with applicable legal requirements, ensuring transparency and accountability.

4.3. Post-Incident Analysis
Following a security incident, we conduct a thorough post-incident analysis to understand the root cause and identify opportunities for improvement. The insights gained from this analysis are used to strengthen our security measures and prevent future incidents.

5. Third-Party Vendor Management

5.1. Vendor Assessment and Due Diligence
SmiKar conducts rigorous due diligence when selecting third-party vendors who may have access to customer data. We assess each vendor’s data protection and security practices to ensure they meet our high standards. Vendors are required to adhere to the terms set out in our contract, outlining their responsibilities for protecting customer data.

5.2. Ongoing Vendor Monitoring
We continuously monitor our third-party vendors to ensure that they maintain the required security standards. This includes regular reviews of their security practices, audits, and assessments to verify compliance with our agreements.

5.3. Data Sharing and Transfer
Data sharing with third-party vendors is strictly controlled and limited to what is necessary to perform the contracted services. We implement appropriate safeguards, such as encryption and contractual agreements, to protect data during transfer and ensure that it is handled securely by our vendors.

6. Continuous Improvement and Monitoring

6.1. Security Awareness Training
At SmiKar, we believe that security is everyone’s responsibility. We provide regular security awareness training to all employees, covering topics such as phishing prevention, secure password management, and safe data handling practices. This training is designed to keep our team informed about the latest threats and best practices in information security.

6.2. Continuous Monitoring and Threat Detection
We employ advanced monitoring tools to continuously track the security of our systems and detect potential threats in real-time. Our monitoring systems are configured to alert us to suspicious activities, allowing us to respond swiftly and prevent incidents before they escalate.

6.3. Vulnerability Management
SmiKar has a proactive vulnerability management program in place to identify, assess, and remediate security vulnerabilities in our systems. We regularly scan our infrastructure for vulnerabilities and apply security patches and updates as soon as they become available. In the event of a zero-day exploit, our team prioritises patching the affected vulnerabilities as quickly as possible to minimise any potential risks and ensure the security of our systems.

6.4. Customer Feedback and Reporting
We value feedback from our customers and use it to improve our data protection and security practices. Customers are encouraged to report any security concerns or issues, and we take prompt action to address them. We also provide regular updates to customers on our security measures and improvements.

7. Compliance and Certifications

7.1. Compliance with Industry Standards
SmiKar is committed to adhering to industry standards and best practices for data protection and information security. We regularly review and update our policies and procedures to ensure that they remain aligned with the latest developments in the field.

7.2. Certifications and Third-Party Audits
To demonstrate our commitment to security, SmiKar pursues relevant certifications and undergoes third-party audits to validate our compliance with established standards. These certifications and audits provide our customers with the assurance that we are meeting the highest levels of security and data protection.

7.3. Documentation and Transparency
We maintain comprehensive documentation of our data protection and security practices, which is available to customers upon request. This transparency allows our customers to understand the measures we take to protect their data and trust in our commitment to security.