What are the technical and organizational measures (TOMs) implemented at Remote to comply with data protection obligations?

Article author
Yancho Yanchev

Remote is SOC 2 Type 2 certified. As of July 2022, Remote is working towards certification for ISO 27001. Some of the security controls we’ve implemented to comply with SOC 2 include:

  • Continuous credentials auditing and management.
  • Physical access to our IT infrastructure is controlled and managed by AWS.
  • Electronic access is protected by MFA.
  • Intrusion prevention and detection systems.
  • Enforce the usage of strong passwords.
  • Follow the least privilege principle to limit systems’ access to essential personnel only.
  • Conduct internal security and privacy training.
  • Architectural network isolation through private networks.
  • Data is encrypted at rest.
  • Data is encrypted in transit (TLS > 1.2).
  • Conduct regular vulnerability scanning.
  • All internal tools and systems require SSO.
  • Application logs are stored off site and kept for a limited period.
  • Vendors are assessed before being contracted and are reassessed regularly.
  • We maintain different environments for testing and production purposes.
  • Infrastructure-as-code allows for quick rebuilding and portability.
  • Continuous monitoring of applications and infrastructure.
  • Perform regular data backups.
  • Regularly test our Incident Response Plan and our Business Continuity and Disaster Recovery plan.

 

 
