Controls

Data and Applications

STATUS

CONTROL

Compliant

Data Backup and Recovery

All critical work data, including customer data, source code, records, and business documents, must be backed up and fully recoverable when needed.

Compliant

Applying data protection solutions

User data must be strictly protected, including but not limited to encryption, access control, partitioning, backup/recovery, and monitoring during storage, transmission, and usage.

Compliant

Data protection at rest

Sensitive and confidential data is encrypted at rest.

Compliant

Data protection in transit

Sensitive and confidential data is encrypted during transmission over internal networks and the Internet, via HTTPS or VPN.