Need Zoho information or help due to COVID-19? Let us know.

ZBrains Security

Scope of Policy

This policy applies to all employees of ZBrains.  

ZBrains does not have 3rd party contractors or vendors who process data on behalf of ZBrains.

Zoho Security Information

Visit https://www.zoho.com/security.html for information on the Zoho Security strategy and components.

Policy Operational Date

This policy was placed into effect January 1st, 2020

Policy Review Date

This policy is reviewed annually, unless otherwise requested by a party we are processing data for.

Purpose of Policy

  1. Complying with the law
  2. Following good practice
  3. Protecting clients, staff and other individuals
  4. Protecting the organization

Types of Data

ZBrains does not store personally identifiable information on its customers. For businesses that do store personally identifiable information, data is not processed or stored by ZBrains.

Policy Statement

At ZBrains, we are committed to:

  1. Complying with both the law and good practice
  2. Respecting individuals’ rights
  3. Being open and honest with individuals whose data is held
  4. Providing training and support for staff who handle personal data, so that they can act confidently and consistently
  5. Notifying the Information voluntarily

Physical Security at Data Centers

ZBrains uses GCP and AWS and completes annual service audits.

Google Cloud Platform

Amazon Web Services
 

At Zoho Data Centers, a co location provider takes responsibility of the building, cooling, power, and physical security, while Zoho provides the servers and storage. Access to the Data Centers is restricted to a small group of authorized personnel. Any other access is raised as a ticket and allowed only after the approval of respective managers. Additional two-factor authentication and biometric authentication are required to enter the premises. Access logs, activity records, and camera footage are available in case an incident occurs.

Security Awareness

Each ZBrains employee signs a confidentiality agreement and acceptable use policy, which includes information security, privacy, and compliance.  All staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Breach Notification

It is possible that information could get into the wrong hands, if a device was lost, stolen, and/or hacked, and the multiple access levels were breached.

Enforcement

All employees are trained during their orientation about data protection, and our processes for obtaining access to both our data, and client systems.

Security measures

All credentials are stored, shared, and managed securely. If an employee leaves the company or a client system is breached, passwords and permissions are revoked immediately, and all sessions are terminated.

Business Continuity & Disaster Recovery

Business continuity is ensured through backups of data, source code, and a disaster recovery plan is in place.

Data Retention Periods

Client information and documents are archived annually, if the client is no longer active and Brains have not done business with that client in the current calendar year.

How to Protect Your Own Security

As a ZBrains Client and Zoho User, we recommend the following protocols to ensure security of your system:

  • Choose a unique, strong password and protect it.
  • Use multi-factor authentication.
  • Use the latest browser versions, mobile OS and updated mobile applications to ensure they are patched against vulnerabilities and to use latest security features.
  • Exercise reasonable precautions while sharing data from our cloud environment.
  • Classify your information into personal or sensitive and label them accordingly.
  • Monitor devices linked to your account, active web sessions, and third-party access to spot anomalies in activities on your account, and manage roles and privileges to your account.
  • Be aware of phishing and malware threats by looking out for unfamiliar emails, websites, and links that may exploit your sensitive information by impersonating ZBrains, Zoho, or other services you trust.
  • To learn more about how you can achieve a secure cloud environment, contact ZBrains help desk, or read the Zoho resource on Understanding shared responsibility with Zoho

 

Conclusion

For further assistance, please don’t hesitate to contact the ZBrains help desk.