This Security Statement is aimed at providing you with more information about our security position and practices.
Information Security Policy
Makaye InfoSec maintains a written Information Security policy that defines employee’s responsibilities and acceptable use of information system resources. This policy is periodically reviewed and updated as necessary.
Makaye InfoSec follows the NIST Cybersecurity Framework with layered security controls to help identify, prevent, detect, and respond to security incidents. We track incidents, vulnerability assessments, threat mitigation, and risk management.
Makaye InfoSec employees are required to conduct themselves in a manner consistent with the company’s guidelines. All newly hired employees are required to sign confidentiality agreements and to acknowledge the Makaye InfoSec code of conduct policy.
Physical & Environmental Security
Makaye InfoSec outsources it’s data center operations to a Tier 1 provider with policies, procedures, and infrastructure that handle both physical security of its data centers as well as the environment from which the data centers operate.
Makaye InfoSec maintains a change management process to ensure that all changes made to the production environment are applied in a deliberate manner.
Auditing and Logging
We audit logs on systems. These logs provide an account of which personnel have accessed which systems. Access to our auditing and logging tool is controlled by limiting access to authorized individuals.
Antivirus and Malware Protection
Antivirus and malicious code protection are centrally managed and configured to retrieve the updated signatures and definitions available.
Makaye InfoSec has backup standards and guidelines and associated procedures for performing backup and restoration of data in a scheduled and timely manner.
Our infrastructure servers reside behind firewalls and are monitored for the detection and prevention of various network security threats.
Ongoing vulnerability scans are done to identify vulnerabilities and to determine the effectiveness of the patch management program. Each vulnerability is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation.
Makaye InfoSec has a formalized incident response plan (Incident Response Plan) and associated procedures in case of an information security incident.
Makaye InfoSec takes all reasonable steps to protect information we receive from our users from loss, misuse or unauthorized access, disclosure, alteration and/or destruction.
Business Continuity and Disaster Recovery
To minimize service interruption due to hardware failure, natural disaster, or other catastrophe, we implement a backup and disaster recovery program to protect critical systems.