Observic Ltd Security Policy
1. Introduction
This Security Policy outlines Observic Ltd's measures to protect its data, systems, and applications. The policy aims to ensure the confidentiality, integrity, and availability of our resources.
2. Server Location
- AWS Server Location: Our AWS server is located in London County (eu-west-2).
3. Operating System Security
- Ubuntu Security: Regular updates and patches are applied to keep the operating system secure from vulnerabilities.
4. Network Security
- Firewalls: Configured firewalls to control incoming and outgoing traffic.
- Secure SSH: Secured SSH with key-based authentication and restricted root access.
5. Data Protection
- Disk Encryption: Enabled disk encryption to protect data at rest.
- Regular Backups: Regular backups are scheduled to ensure data is protected and can be restored in case of any data loss incidents.
6. Application Security
- Secure HTTP Headers: Configured secure HTTP headers to prevent common web vulnerabilities such as XSS and clickjacking. Security Headers Check
- SSL/TLS Configuration: SSL/TLS has been configured to encrypt data in transit, ensuring secure communication channels. SSL/TLS Check
- Restrict Access to Sensitive Directories: Access to sensitive directories has been restricted to authorized personnel only, reducing the risk of unauthorized access.
7. Amazon S3 Security
- Bucket Policies and IAM Policies: Implemented bucket policies and IAM policies to manage and restrict access to S3 buckets and objects.
- S3 Encryption: Enabled server-side encryption for all S3 objects to protect data at rest.
8. Database Security
- User Management: User privileges are strictly controlled and unnecessary privileges are removed.
- Encryption: Data is encrypted both in transit and at rest.
- Regular Updates: The database is regularly updated and all security patches are applied.
- Strong Passwords: Enforced the use of strong, complex passwords for all users.
9. Monitoring and Auditing
- AWS CloudWatch: Enabled AWS CloudWatch to monitor resource utilization and performance.
- Audit Log Reviews: Scheduled regular reviews of audit logs to detect and respond to any suspicious activities promptly.
This Security Policy is effective as of 01/11/2023 and will remain in effect until updated or replaced. All employees, contractors, and third-party partners must adhere to this policy to ensure the security of Observic Ltd's data and systems.
For any questions or concerns regarding this policy, please contact:
Observic Ltd Security Team
Email: security@observic.com