Security

Security commitments

• Implementation of IT tools, system features and configuration settings to authorize user access and restrict unauthorized users from accessing unnecessary information for their roles.
• Deployment of intrusion preventions systems to prevent and identify potential security attacks originating from users outside the IT environment.
• Conducting regular vulnerability scans and penetration tests across the IT environment.
• Establishment of operational procedures for handling security incidents and breaches, including notification protocols.
• Utilization of encryption technologies to safeguard customer data both at rest and in transit.
• Implementation of data retention and disposal practices.

Confidentiality commitments

• Employing encryption technologies to safeguard system data during both storage and transit.
• Establishing confidentiality and non-disclosure agreements with employees, contractors, and third parties.
• Ensuring that confidential information is utilized solely for the purposes explicitly outlined in agreements between Streamline IT and client partners.

Penetration testing

Streamline IT annually collaborates with leading penetration testing consulting firms, yielding several advantages, including:

• Identification of vulnerabilities in digital IT infrastructure, ensuring the security of sensitive client partner data and marketing assets.
• Proactive identification and resolution of security weaknesses, reducing the risk of data breaches and preserving Streamline IT’s reputation.
• Assistance in meeting regulatory requirements ensuring compliance with data protection laws.
• A secure digital environment enabling the team to focus on marketing strategies and campaigns without disruptions caused by security incidents.
• Contribution to the development of effective incident response plans for swift reactions to any security breaches.
• Assurance and peace of mind, knowing that Streamline IT’s digital assets and client partner data are well-protected against cyber threats.

Enterprise Security:

1. Endpoint Protection:

• Our corporate devices are centrally managed and equipped with mobile device management software and anti-malware protection.
• Continuous 24/7/365 monitoring for endpoint security alerts.
• Secure endpoint configurations ensured through Microsoft Intune software, enforcing practices like disk encryption, screen lock settings, and software updates.

2. Security Awareness Training:

• Thorough security education is delivered to our staff during the onboarding process and subsequently three times quarterly, utilizing modules on the Curricula platform.
• Mandatory live onboarding sessions for new employees, emphasizing fundamental security principles and secure coding practices.
• Quarterly phishing testing is conducted to assess and enhance the resilience of our security measures against potential threats.

3. Identity and Access Management:

• Employee access to applications is role-based and automatically revoked upon employment termination.
• Additional access granted based on application policies, requiring appropriate approvals.

4. Vendor Security Assessment:

• We employ a risk-oriented approach for evaluating vendor security.
• Factors considered in the inherent risk assessment include accessibility to customer and corporate data, integration with production systems, and potential impact on the Streamline IT brand.
• Following the initial risk assessment, we conduct a thorough evaluation of the vendor’s security to determine a residual risk assessment and make informed decisions regarding vendor approval.