Security Measures

Security Officer. Peoplelogic has appointed a security officer responsible for coordinating and monitoring the security rules and procedures.

Confidentiality Obligations. Peoplelogic personnel with access to Customer Data are subject to confidentiality obligations.

Routine Security Audits. Peoplelogic runs a third-party audit each year to ensure that security practices are up to industry standards.

Physical Access to Facilities. Peoplelogic limits access to facilities where information systems that process Customer Data are located to identified authorized individuals.

Protection from Disruptions. Peoplelogic uses a variety of industry standard systems to protect against loss of data due to power supply failure or line interference.

Movement of Data.  

• Peoplelogic encrypts Customer Data that is transmitted over public networks.
• Peoplelogic restricts access to Customer Data in media leaving its facilities.
• Peoplelogic encrypts all Customer Data at REST and that is transmitted within our private networks.

Access Policy. Peoplelogic maintains a record of security privileges of individuals having access to Customer Data.

Access Authorization

• Peoplelogic maintains a record of personnel authorized to access Peoplelogic systems that contain Customer Data.
• Peoplelogic deactivates authentication credentials that have not been used for a period of time not to exceed six months.
• Peoplelogic identifies those personnel who may grant, alter or cancel authorized access to data and resources.
• Peoplelogic ensures that where more than one individual has access to systems containing Customer Data, the individuals have separate identifiers/log-ins.

Least Privilege

• Technical support personnel are only permitted to have access to Customer Data when needed.
• Peoplelogic restricts access to Customer Data to only those individuals who require such access to perform their job function.

Integrity and Confidentiality

• Peoplelogic instructs Peoplelogic personnel to disable administrative sessions when leaving premises that Peoplelogic controls or when computers are otherwise left unattended.
• Peoplelogic stores passwords in a way that makes them unintelligible while they are in force.

Authentication

• Peoplelogic uses industry standard practices to identify and authenticate users who attempt to access Peoplelogic information systems.
• Where authentication mechanisms are based on passwords, Peoplelogic requires that the passwords are renewed regularly.
• Where authentication mechanisms are based on passwords, Peoplelogic requires the password to be at least eight characters long.
• Peoplelogic ensures that de-activated or expired identifiers are not granted to other individuals.
• Peoplelogic uses industry standard password protection practices, including practices designed to maintain the confidentiality and integrity of passwords when they are assigned and distributed, and during storage.

Network Design. Peoplelogic has controls to avoid individuals assuming access rights they have not been assigned to gain access to Customer Data they are not authorized to access.

Peoplelogic maintains emergency and contingency plans for the facilities in which Peoplelogic information systems that process Customer Data are located.