Data Security Policy

Last updated 1st August 2024

1. Purpose

The purpose of this Data Security Policy is to establish a framework for ensuring the confidentiality, integrity, and availability of all data processed and stored by Eventflow Technologies Ltd. This policy outlines the measures and controls implemented to protect customer and exhibitor data from unauthorised access, loss, or compromise.

2. Scope

This policy applies to all employees, contractors, and third-party vendors of Eventflow Technologies Ltd who have access to or handle customer and exhibitor data.

3. Definitions

  • At Rest: All data stored within our systems is encrypted using industry-standard AES-256 encryption.
  • In Transit: Data transmitted over networks is protected using TLS/SSL encryption to prevent interception and unauthorised access.

4. Access Controls

  • Authentication: Multi-factor authentication (MFA) is required for accessing sensitive systems and data.
  • Authorisation: Role-based access control (RBAC) is implemented to ensure that users have the minimum level of access necessary for their role.
  • Audit Logs: Detailed audit logs are maintained to track access and modifications to data, ensuring accountability and traceability.

5. Network Security

  • Firewalls: Advanced firewall configurations are in place to protect our network from unauthorised access and threats.
  • DDoS Protection: Distributed Denial of Service (DDoS) protection mechanisms are employed to mitigate potential attacks.
  • VPC Configurations: Virtual Private Cloud (VPC) setups are utilised to isolate and secure our services within the cloud infrastructure.

6. Data Backup and Recovery

  • Automatic Backups: Regular automatic backups of critical data are performed to ensure data integrity and availability.
  • Disaster Recovery: Robust disaster recovery plans are in place to restore data and services in the event of a significant incident or data loss.

7. Security Policies and Procedures

  • Security Rules: Granular access controls are enforced to protect data within our applications.
  • Patch Management: All security patches and updates are applied promptly to maintain the security of our systems and applications.

8. Compliance

  • Regulatory Compliance: Our data security practices comply with major regulatory standards, including GDPR, ISO/IEC 27001, and SOC 2.

9. Vendor Management

  • Security Standards: All third-party vendors and integrations must adhere to Google Cloud’s security standards.
  • Secure APIs: Vendors are required to use secure APIs and services to ensure data protection.

10. Employee Training

  • Security Awareness: Regular training sessions are conducted to ensure all employees are aware of data security best practices and their responsibilities.
  • Policy Adherence: Employees are required to adhere to this policy and report any potential security incidents or vulnerabilities.

11. Policy Review

This policy will be reviewed annually and updated as necessary to ensure its effectiveness and alignment with industry best practices and regulatory requirements.

12. Contact Information

For any questions or clarifications regarding this policy, please contact the DevOps Team at [email protected].

Eventflow Technologies Ltd.
Effective Date: 01/08/2024
Reviewed by: Christian Skelton, Director
Approved by: Henry Barnett, Director
