Legal Home Legal This Security Statement is aimed at providing you with more information about our security position and practices. Information Security Policy Makaye InfoSec maintains a written Information Security policy that defines employee’s responsibilities and acceptable use of information system resources. This policy is periodically reviewed and updated as necessary. Organizational Security Makaye InfoSec follows the NIST Cybersecurity Framework with layered security controls to help identify, prevent, detect, and respond to security incidents. We track incidents, vulnerability assessments, threat mitigation, and risk management. Personnel Security Makaye InfoSec employees are required to conduct themselves in a manner consistent with the company’s guidelines. All newly hired employees are required to sign confidentiality agreements and to acknowledge the Makaye InfoSec code of conduct policy. Physical & Environmental Security Makaye InfoSec outsources it’s data center operations to a Tier 1 provider with policies, procedures, and infrastructure that handle both physical security of its data centers as well as the environment from which the data centers operate. Change Management Makaye InfoSec maintains a change management process to ensure that all changes made to the production environment are applied in a deliberate manner. Auditing and Logging We audit logs on systems. These logs provide an account of which personnel have accessed which systems. Access to our auditing and logging tool is controlled by limiting access to authorized individuals. Antivirus and Malware Protection Antivirus and malicious code protection are centrally managed and configured to retrieve the updated signatures and definitions available. System Backups Makaye InfoSec has backup standards and guidelines and associated procedures for performing backup and restoration of data in a scheduled and timely manner. Network Security Our infrastructure servers reside behind firewalls and are monitored for the detection and prevention of various network security threats. Vulnerability Management Ongoing vulnerability scans are done to identify vulnerabilities and to determine the effectiveness of the patch management program. Each vulnerability is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation. Incident Management Makaye InfoSec has a formalized incident response plan (Incident Response Plan) and associated procedures in case of an information security incident. Data Protection Makaye InfoSec takes all reasonable steps to protect information we receive from our users from loss, misuse or unauthorized access, disclosure, alteration and/or destruction. Business Continuity and Disaster Recovery To minimize service interruption due to hardware failure, natural disaster, or other catastrophe, we implement a backup and disaster recovery program to protect critical systems.