Security Policy
Last updated: August 22, 2024
We are committed to ensuring the highest level of security for the personal data we process. Below is a summary of the technical and organisational measures we have implemented:
1. Role-Based Access Control (RBAC)
- Access to data and systems is strictly controlled based on the principle of least privilege.
- Only authorised personnel have access to specific data, applications, and environments according to their role.
- Regular reviews of access permissions are conducted to ensure appropriate access levels are maintained.
2. Data Encryption
- Encryption at Rest: All sensitive data stored in our databases and file systems is encrypted using AES-256.
- Encryption in Transit: Data transmitted between systems, including web and API communications, is encrypted using TLS 1.2 or 1.3 to protect against interception and unauthorised access.
3. Regular Audits and Vulnerability Assessments
- We conduct regular internal audits of our web and API applications to identify and address potential security vulnerabilities.
- Vulnerability scanning tools are employed to continuously assess and mitigate risks across our systems.
4. Continuous Monitoring and 24/7 Alerting
- Our systems are continuously monitored using automated tools that track system performance, security events, and potential breaches.
- We have implemented 24/7 alerting mechanisms that notify our security team of any anomalies or suspicious activities, allowing for immediate response and remediation.
5. Incident Response and Management
- An incident response plan is in place, outlining procedures for detecting, reporting, and responding to security incidents.
- Our team conducts regular drills and reviews to ensure preparedness and effective incident handling.
6. Data Backup and Recovery
- Regular backups of critical data are taken to secure locations, ensuring data integrity and availability in the event of system failures or data loss.
- We have established data recovery protocols that are regularly tested to ensure timely restoration of services.
7. Change Management
- All changes to our systems, applications, and infrastructure are managed through a change management process.
- This process includes risk assessment, testing, approval, and documentation to ensure changes do not negatively impact security or compliance.
8. Employee Security Training
- All employees undergo security training as part of their onboarding process, with regular refreshers to stay updated on the latest security practices and threats.
- Security awareness is ingrained in our company culture, ensuring that all staff understand their role in maintaining the security of our systems and data.
These measures are integral to our commitment to protecting the data entrusted to us by our partners and users. As we continue to advance our SOC 2 Type II compliance efforts, this document will be regularly reviewed to meet evolving security standards.