ZBrains Security
Scope of Policy
This policy applies to all employees of ZBrains.
ZBrains does not have 3rd party contractors or vendors who process data on behalf of ZBrains.
Zoho Security Information
Visit https://www.zoho.com/security.html for information on the Zoho Security strategy and components.
Policy Operational Date
This policy was placed into effect January 1st, 2020
Policy Review Date
This policy is reviewed annually, unless otherwise requested by a party we are processing data for.
Purpose of Policy
- Complying with the law
- Following good practice
- Protecting clients, staff and other individuals
- Protecting the organization
Types of Data
ZBrains does not store personally identifiable information on its customers. For businesses that do store personally identifiable information, data is not processed or stored by ZBrains.
Policy Statement
At ZBrains, we are committed to:
- Complying with both the law and good practice
- Respecting individuals’ rights
- Being open and honest with individuals whose data is held
- Providing training and support for staff who handle personal data, so that they can act confidently and consistently
- Notifying the Information voluntarily
Physical Security at Data Centers
ZBrains uses GCP and AWS and completes annual service audits.
At Zoho Data Centers, a co location provider takes responsibility of the building, cooling, power, and physical security, while Zoho provides the servers and storage. Access to the Data Centers is restricted to a small group of authorized personnel. Any other access is raised as a ticket and allowed only after the approval of respective managers. Additional two-factor authentication and biometric authentication are required to enter the premises. Access logs, activity records, and camera footage are available in case an incident occurs.
Security Awareness
Each ZBrains employee signs a confidentiality agreement and acceptable use policy, which includes information security, privacy, and compliance. All staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.
Breach Notification
It is possible that information could get into the wrong hands, if a device was lost, stolen, and/or hacked, and the multiple access levels were breached.
Enforcement
All employees are trained during their orientation about data protection, and our processes for obtaining access to both our data, and client systems.
Security measures
All credentials are stored, shared, and managed securely. If an employee leaves the company or a client system is breached, passwords and permissions are revoked immediately, and all sessions are terminated.
Business Continuity & Disaster Recovery
Business continuity is ensured through backups of data, source code, and a disaster recovery plan is in place.
Data Retention Periods
Client information and documents are archived annually, if the client is no longer active and Brains have not done business with that client in the current calendar year.
How to Protect Your Own Security
As a ZBrains Client and Zoho User, we recommend the following protocols to ensure security of your system:
- Choose a unique, strong password and protect it.
- Use multi-factor authentication.
- Use the latest browser versions, mobile OS and updated mobile applications to ensure they are patched against vulnerabilities and to use latest security features.
- Exercise reasonable precautions while sharing data from our cloud environment.
- Classify your information into personal or sensitive and label them accordingly.
- Monitor devices linked to your account, active web sessions, and third-party access to spot anomalies in activities on your account, and manage roles and privileges to your account.
- Be aware of phishing and malware threats by looking out for unfamiliar emails, websites, and links that may exploit your sensitive information by impersonating ZBrains, Zoho, or other services you trust.
- To learn more about how you can achieve a secure cloud environment, contact ZBrains help desk, or read the Zoho resource on Understanding shared responsibility with Zoho.
Conclusion
For further assistance, please don’t hesitate to contact the ZBrains help desk.