Data Security Policy

Last Updated: November 8, 2024

1. Purpose

This policy outlines Davinci Technology Solutions’ commitment to protecting client data through robust security controls, including encryption, access management, and incident response protocols.

2. Scope

This policy applies to all data handled by Davinci Technology Solutions, covering data at rest, in transit, and stored on cloud services, as well as the accounts we manage for clients.

3. Security Measures

3.1 Encryption

  • Data at Rest: All customer data stored within our systems is encrypted at rest with at least AES-128 encryption, ensuring strong protection of sensitive information.

3.2 Access Control

  • Password Management: Customer passwords are stored securely in industry-standard password management tools with multi-factor authentication (MFA), ensuring controlled and secure access.
  • Multi-Factor Authentication (MFA): Davinci Technology is committed to using MFA on all company accounts and, to the best of our ability, on all accounts within customer environments, reinforcing security across access points.

3.3 Network Security

  • Firewall Protection: Firewalls are configured to monitor and control network traffic, safeguarding against unauthorized access and potential threats.
  • Virtual Private Network (VPN): Remote connections to client networks and our systems are secured with encrypted VPNs, restricting access to authorized personnel only.

4. Data Backup and Recovery

4.1 Backup Schedule

  • Frequency: All critical data is backed up daily to provide data resilience and ensure recovery options in case of data loss or system failure.
  • Storage Locations: Backups are securely stored on cloud services in Canada and the United States, with data encrypted to safeguard it against unauthorized access.

4.2 Disaster Recovery

  • Recovery Point Objective (RPO): We aim to maintain a 24-hour RPO, ensuring minimal data loss in case of a disaster.
  • Recovery Time Objective (RTO): We target an RTO of 72 hours, prioritizing swift recovery to minimize client service interruptions.

5. Incident Response and Breach Notification

5.1 Detection and Response

  • Monitoring: We utilize real-time monitoring to detect and respond promptly to potential security incidents. Suspicious activity or unauthorized access attempts are escalated to our security team.

5.2 Client Notification

  • Breach Notification: In the event of a breach affecting client data, we will notify impacted clients within 48 hours, providing details on the incident and recommended actions to mitigate risks.
  • Post-Incident Action: Following a breach, we conduct a thorough analysis to identify the root cause and implement additional security measures to prevent future incidents.

6. Compliance and Auditing

6.1 Regulatory Compliance

  • PIPEDA Compliance: We follow the Personal Information Protection and Electronic Documents Act (PIPEDA) to ensure the secure handling of personal data for Canadian clients.

6.2 Documentation and Record-Keeping

  • Audit Logs: Detailed audit logs are maintained for critical systems, recording access and activity. These logs are retained for a minimum of one year.
  • Policy Review: Security policies are reviewed annually to ensure they remain effective and in line with regulatory requirements.