Tropos Alerts - IT Data Security Policy

Created by Vamshi Reddy, Modified on Tue, 19 Aug at 11:07 AM by Vamshi Reddy

1. Data Protection

1.1 Encryption in Transit

  • All data transferred over public networks is encrypted via SSL and HTTPS/TLS.

1.2 Encryption at Rest

  • All Customer Personal Data at rest is encrypted using AES-256 or higher.

  • Tropos Alerts does not make copies of Customer Personal Data except as reasonably necessary for providing the Service and backup.


2. Data Deletion

  • Upon termination of service, Tropos Alerts will, upon Customer request and subject to the Agreement, delete Customer Personal Data in accordance with defined procedures and timeframes.


3. Access Control

3.1 Principle of Least Privilege

  • Users are granted the minimum access required for their role.

3.2 Authorization & Training

Tropos Alerts ensures that anyone processing Customer Personal Data:
(a) is competent and qualified;
(b) has been authorized by Tropos Alerts;
(c) has been instructed in data protection requirements.

3.3 Role-Based Access

  • Production access is centralized, auditable, role-based, and reviewed quarterly.


4. Asset Management

  • All Tropos Alerts assets are tracked in a central repository.

  • Corporate laptops use full-disk encryption and are securely wiped when decommissioned.

  • Infrastructure resides in AWS certified data centers, which use NIST 800-88 sanitization standards.


5. Passwords & Authentication

  • Strong password policies aligned with industry standards.

  • Internal users must use Single Sign-On (SSO) + Multi-Factor Authentication (MFA).

  • Customers may also enable SSO with MFA.


6. Change Management

  • All changes to Tropos Alerts software follow documented change management processes and require testing and approval before release.


7. Business Continuity & Disaster Recovery

7.1 Resilience

  • Systems are deployed with redundant load balancers, web servers, and databases.

  • Customer Personal Data is replicated and backed up every 6 hours.

7.2 Disaster Recovery

  • Third-party data centers maintain annual DR tests.

  • Tropos Alerts regularly performs recovery testing.


8. Incident Management & Breach Notification

  • Tropos Alerts maintains incident management policies.

  • Customers are promptly notified of any actual or suspected unauthorized disclosure of Customer Personal Data.


9. Risk Management

  • Annual enterprise and cybersecurity risk assessments.

  • Continuous risk monitoring across systems and services.


10. Security Training

  • All new employees and contractors receive onboarding security training.

  • Annual information security refresher training is mandatory and monitored for compliance.


11. Threat & Vulnerability Management

11.1 Vulnerability Management

  • Continuous vulnerability scanning across infrastructure.

  • Annual third-party penetration testing; reports available under NDA.

11.2 Patch Management

  • Automated patching and configuration management.

  • Patch application based on severity, aligned with patch management guidelines.


12. General Controls

Tropos Alerts ensures measures are in place to:
(a) Control access to processing equipment (equipment access control)
(b) Prevent unauthorized copying/removal of data media (media control)
(c) Restrict and monitor access to Customer Personal Data (data access control)
(d) Secure communications and transfers (communication & transport control)
(e) Enable recovery and ensure reliability (recovery & integrity control)


13. Logging & Monitoring

  • All systems storing Customer Personal Data produce system logs.

  • Logs are collected centrally for monitoring and auditing.


14. Intrusion Detection

  • Tropos Alerts, or an authorized third party, uses network-based and log-based intrusion detection to monitor for threats.


15. Physical Security

  • Data centers are staffed with 24/7 security, biometric access, and escort controls.

  • Facilities are resilient to natural disasters and supported by on-site backup power.


16. Human Resource Security

16.1 Employee Handbook

  • All employees must read and agree to Tropos Alerts’ Code of Business Conduct and Ethics.

16.2 Acceptable Use Policy (AUP)

  • Covers hardware, software, mobile device, network use, social media, and data handling.

16.3 Non-Disclosure Agreements (NDA)

  • All employees, contractors, and third-party providers must sign NDAs before engagement.
