Trust Center

Security & Technology Policies

Security Policy, Risk, and Governance

This policy sets out the general principles and guidelines for managing Security @ Realigned Technologies.

The basic principles include:

  • We will manage access to company information and customer information based on business need
  • We will implement a series of controls to manage the implementation of security in line with this policy
  • We will periodically review risks and the effectiveness of controls intended to manage those risks
  • We will maintain support for and show commitment in achieving compliance with applicable PII protection legislation and the contractual terms of cloud customers

Access Management

This policy sets out the general principles and guidelines for Access Management.

The basic principles include:

  • We will maintain an Access Control policy outlining how to manage access to systems
  • User accounts will be used to manage access
  • All users have responsibility to manage access to their systems
  • Systems will be logged and monitored for potential inappropriate access
  • Remote access will be enabled via multi-factor authentication
  • Duties should be segregated where appropriate

Asset Management

This policy sets out the general principles and guidelines for management of Realigned Technologies' (RT) IT assets and how those assets should be handled.

The basic principles of asset management at RT include:

  • We will maintain an inventory of assets
  • Assets maintained in an asset management database will have identified owners
  • Acceptable use of assets will be identified, documented and implemented;
  • Assets will be returned to RT if employment is terminated.

Cryptography & Encryption

This policy sets out the general principles to ensure that Realigned Technologies (RT) implements appropriate encryption & cryptography to ensure confidentiality and integrity of critical data. RT deploys cryptographic mechanisms to mitigate the risks involved in storing sensitive information and transmitting it over networks, including those that are publicly accessible (such as the internet). Facilitating the use of encryption technologies that are reliable, secure and proven to work effectively is a key objective of this standard in order to mitigate the risk of unauthorised access to and/or modification of sensitive company information.

The basic principles include:

  • Sensitive data is encrypted appropriately;
  • Strength of selected encryption corresponds with information classification;
  • Cryptographic keys will be securely managed;
  • Only approved cryptographic algorithms and software modules will be used.

Operations

This policy sets out the general principles and guidelines for technology operational practices at Realigned Technologies.

The basic principles include:

  • procedures should be documented for operational activities
  • backups should be taken regularly and the backups tested
  • changes should be managed and evaluated by multiple people
  • capacity should be evaluated and planned for
  • software installation should be limited and unnecessary software should be restricted

Personnel Security

This policy sets out the general principles and guidelines for personnel security at Realigned Technologies (RT).

The basic principles include:

  • Security responsibilities will be outlined in job definitions
  • All employees and users will regularly view security awareness training
  • All employees and contractors have a duty to report security incidents or weaknesses
  • Upon employee termination, access and return of assets will occur in a reasonable time frame

Supplier Management

This policy sets out the general principles and guidelines to select, engage, monitor and off-board suppliers.

The basic principles include:

  • RT will be purposeful in managing our vendor selection process
  • RT will perform oversight of the relationship to ensure it meets our standards

Threat & Vulnerability Management

This policy sets out the general principles and guidelines for managing security threats and vulnerabilities both in our environment and in our products.

The basic principles include:

  • Manage security vulnerabilities in our products and services, including issuing updates, patches or advisories
  • Manage security threats and vulnerabilities throughout our environment, both internal and hosted environments
  • Manage the threat of malware in the environment