Security Practices for openpo.com
At Wheatisle Pty Ltd ("Wheatisle"), we understand the importance of safeguarding your data when using our online Services. These Security Practices describe the measures and safeguards we employ to protect the security, integrity, and confidentiality of Customer Content and openpo.com’s online Services against information security threats.
1. General
1.1 Information Security Program
Wheatisle maintains a comprehensive written information security program. This includes policies, standards, and procedures governing the processing and security of Customer Content and the systems or networks used by Wheatisle to deliver the Services under the Agreement.
1.2 Confidentiality and Training
▪ Are bound by confidentiality obligations substantially as protective as those outlined in the Agreement.
▪ Receive appropriate training related to the processing and protection of Customer Content.
1.3 Definitions
Agreement : The agreement governing Customer’s access to and use of Wheatisle’s online Services.
Customer Content : Any data, file attachments, text, images, or other content uploaded or submitted by Customer or Users that Wheatisle processes on Customer’s behalf.
Process : Operations performed on Customer Content, including collection, storage, retrieval, and deletion.
Security Breach : An incident resulting in the accidental or unlawful destruction, alteration, or unauthorized access to Customer Content.
2. Security Controls
Wheatisle employs physical, organizational, and technical controls to protect Customer Content, including:
2.1 Firewalls
Maintains and operates firewalls to protect data accessible via the Internet.
2.2 Updates
Ensures systems are updated with the latest security patches, updates, and modifications.
2.3 Anti-Malware
Deploys anti-malware software to mitigate threats from viruses, spyware, and malicious code, ensuring it remains up-to-date.
2.4 Access Controls
▪ Assigns unique IDs to personnel with access to systems handling Customer Content.
▪ Regularly reviews access lists to ensure compliance with minimal access principles.
▪ Enforces strong password policies, including multi-factor authentication and account lockout after failed login attempts.
2.5 Encryption
Encrypts Customer Content at rest and ensures only encrypted connections are used for data transfer.
2.6 Data Deletion
Follows standards like NIST SP 800-88 to securely render Customer Content unrecoverable before disposal.
3. Use of Third Parties
3.1 Hosting Providers
Wheatisle ensures third-party hosting providers maintain security standards consistent with these practices, including physical security, environmental controls, and regular independent risk assessments.
3.2 Security Audits
Conducts regular audits and assessments of third-party providers to validate compliance with these Security Practices.
4. System Availability
▪ Recover services following an incident.
▪ Validate procedures for data recovery and restoration.
▪ Perform annual testing and updates of the disaster recovery program.
5. Security Breach
5.1 Procedure
▪ Wheatisle notifies Customers in writing without undue delay after confirming a Security Breach.
▪ Investigates, mitigates, and remediates breaches in accordance with internal policies.
5.2 Notifications
Notifications of breaches are delivered to designated Customer contacts via reasonable means, including email.
5.3 Disclaimer
Wheatisle’s reporting of a Security Breach is not an admission of fault or liability.
6. Auditing and Reporting
6.1 External Audits
Wheatisle employs independent auditors to verify the adequacy of its security measures, including producing audit reports based on SOC2 or equivalent standards.
6.2 Customer Audits
Allows Customers to conduct their own audits under certain conditions, including prior notice and adherence to confidentiality and operational safeguards.