Data is encrypted at rest to protect it from unauthorized access if the storage device is lost, stolen, or otherwise compromised.
Data is encrypted in transit to protect against unauthorized interception or eavesdropping as it is transmitted between systems or over networks.
A data inventory is in place to identify, document, and locate sensitive and regulated data within the organization.
Data Loss Prevention (DLP) mechanisms are deployed to help prevent unauthorized or accidental transmission or disclosure of sensitive or confidential data outside the organization’s network.
The organization has implemented a Data Management Policy focusing on safeguarding sensitive information. It includes measures and practices such as data encryption, access controls, backups, disaster recovery, and policies and procedures for managing data throughout its lifecycle, from creation to disposal.
The organization implements comprehensive data protection measures to secure sensitive and confidential information from unauthorized access, use, disclosure, alteration, or destruction. Data protection is vital for maintaining individual and organizational privacy, complying with legal and regulatory requirements, preserving business reputation and trust, and mitigating the risk of financial losses resulting from data breaches or cyberattacks.
The data retention and disposal procedures outline the organization’s storage, maintenance, and disposal of data. Information assets are managed in a manner that meets the organization’s legal, regulatory, and business requirements. The policy is reviewed and updated regularly to ensure it remains relevant and effective in managing the organization’s information assets.
The organization has implemented an encryption practice that includes requirements for encryption of all data in transit over public networks and all customer data at rest in databases. An encryption and key management policy defines how encryption should be used to protect sensitive data. It outlines the specific algorithms, protocols, and key sizes that should be used to encrypt data at rest, in transit, and in use.
Encryption key management is used to generate, store, distribute, and revoke the encryption keys that secure sensitive data, protecting the confidentiality, integrity, and availability of those keys throughout their lifecycle.
The organization validates system and information integrity to ensure confidentiality, availability, and integrity of information systems and the data they contain. The organization has established measures to prevent unauthorized access, modification, and destruction of information, as well as to protect against system failures and other threats.