Data inventory and mapping are in place to identify, document, and locate sensitive and regulated data within the organization. This information is necessary for proper data classification, risk assessment, and implementation of appropriate security controls to protect the data throughout its lifecycle. It also helps ensure compliance with applicable laws and regulations and enables the organization to respond more effectively to security incidents and data breaches.
A Data Loss Prevention (DLP) program is in place to help prevent unauthorized or accidental transmission or disclosure of sensitive or confidential data outside the organization’s network. It typically involves monitoring and enforcing policies related to data access, usage, and transfer, and may include techniques such as encryption, data classification, and user activity monitoring. DLP aims to protect the organization’s sensitive data from being compromised or lost and ensure compliance with relevant regulatory and legal requirements.
The organization has implemented a Data Management Policy focusing on safeguarding sensitive information. It includes measures and practices such as data encryption, access controls, backups, disaster recovery, and policies and procedures for managing data throughout its lifecycle, from creation to disposal. Data protection is essential for maintaining the confidentiality, integrity, and availability of information and is particularly important for compliance with data protection regulations and standards.
The organization implements comprehensive data protection measures to secure sensitive and confidential information from unauthorized access, use, disclosure, alteration, or destruction. Data protection is vital for maintaining individual and organizational privacy, complying with legal and regulatory requirements, preserving business reputation and trust, and mitigating the risk of financial losses resulting from data breaches or cyberattacks.
The data retention and disposal procedures outline how the organization stores, maintains, and disposes of data. Information assets are managed in a manner that meets the organization’s legal, regulatory, and business requirements. The policy is reviewed and updated regularly to ensure it remains relevant and effective in managing the organization’s information assets.
The organization has implemented an encryption practice that defines how encryption should be used to protect sensitive data. It outlines the specific algorithms, protocols, and key sizes that should be used to encrypt data at rest, in transit, and in use. The policy also includes guidelines for key management, data backup, and disaster recovery.
Encryption key management governs how the encryption keys used to secure sensitive data are generated, stored, distributed, and revoked, in order to protect the confidentiality, integrity, and availability of those keys throughout their lifecycle.