OpenPO

Security Practices

Security Practices for openpo.com

At Wheatisle Pty Ltd ("Wheatisle"), we understand the importance of safeguarding your data when using our online Services. These Security Practices describe the measures and safeguards we employ to protect the security, integrity, and confidentiality of Customer Content and openpo.com’s online Services against information security threats.


1. General

1.1 Information Security Program

Wheatisle maintains a comprehensive written information security program. This includes policies, standards, and procedures governing the processing and security of Customer Content and the systems or networks used by Wheatisle to deliver the Services under the Agreement.

1.2 Confidentiality and Training

Wheatisle ensures that its personnel:

▪ Are bound by confidentiality obligations substantially as protective as those outlined in the Agreement.

▪ Receive appropriate training related to the processing and protection of Customer Content.

1.3 Definitions

Agreement: The agreement governing Customer’s access to and use of Wheatisle’s online Services.

Customer Content: Any data, file attachments, text, images, or other content uploaded or submitted by Customer or Users that Wheatisle processes on Customer’s behalf.

Process: Operations performed on Customer Content, including collection, storage, retrieval, and deletion.

Security Breach: An incident resulting in the accidental or unlawful destruction, alteration, or unauthorized access to Customer Content.

2. Security Controls

Wheatisle employs physical, organizational, and technical controls to protect Customer Content, including:

2.1 Firewalls

Maintains and operates firewalls to protect data accessible via the Internet.

2.2 Updates

Ensures systems are updated with the latest security patches, updates, and modifications.

2.3 Anti-Malware

Deploys anti-malware software to mitigate threats from viruses, spyware, and malicious code, ensuring it remains up-to-date.

2.4 Access Controls

▪ Assigns unique IDs to personnel with access to systems handling Customer Content.

▪ Regularly reviews access lists to ensure compliance with minimal access principles.

▪ Enforces strong password policies, including multi-factor authentication and account lockout after failed login attempts.

2.5 Encryption

Encrypts Customer Content at rest and ensures only encrypted connections are used for data transfer.

2.6 Data Deletion

Follows standards like NIST SP 800-88 to securely render Customer Content unrecoverable before disposal.

3. Use of Third Parties

3.1 Hosting Providers

Wheatisle ensures third-party hosting providers maintain security standards consistent with these practices, including physical security, environmental controls, and regular independent risk assessments.

3.2 Security Audits

Conducts regular audits and assessments of third-party providers to validate compliance with these Security Practices.

4. System Availability

Wheatisle maintains a disaster recovery program designed to:

▪ Recover services following an incident.

▪ Validate procedures for data recovery and restoration.

▪ Perform annual testing and updates of the disaster recovery program.

5. Security Breach

5.1 Procedure

▪ Wheatisle notifies Customers in writing without undue delay after confirming a Security Breach.

▪ Investigates, mitigates, and remediates breaches in accordance with internal policies.

5.2 Notifications

Notifications of breaches are delivered to designated Customer contacts via reasonable means, including email.

5.3 Disclaimer

Wheatisle’s reporting of a Security Breach is not an admission of fault or liability.

6. Auditing and Reporting

6.1 External Audits

Wheatisle employs independent auditors to verify the adequacy of its security measures, including producing audit reports based on SOC2 or equivalent standards.

6.2 Customer Audits

Allows Customers to conduct their own audits under certain conditions, including prior notice and adherence to confidentiality and operational safeguards.