Q: What processes do you have in place for regularly testing and evaluating the effectiveness of your data security measures?

A: We have processes in place for regularly testing and evaluating the effectiveness of our data security measures. We conduct regular security reviews to identify vulnerabilities and assess the overall effectiveness of the security controls in place. We also have a security awareness program that includes regular training and awareness sessions for all employees to ensure they understand their responsibilities in maintaining data security. Furthermore, we conduct an annual review of our privacy policy to ensure that personal information is used in conformity with the purposes identified in the privacy notice. Our Disaster Recovery Plan is tested annually to ensure that it is effective and that data can be recovered in the event of a loss.

Testing and Evaluation Processes include:

Annual penetration testing – Scheduled for Q3 2024

Annual access reviews – To ensure proper authorizations are in place commensurate with job functions. Scheduled for Q1 2025.

Vulnerability scanning – Undertaken as part of our regular development cycle

Annual security policy review of the following – Backup Policy; Software Development Life Cycle Policy; Risk Assessment Policy; System Access Control Policy; Vulnerability Management Policy; Change Management Policy; Information Security Management System (ISMS) Plan 2022. Scheduled for Q1 2025