SECURITY

1. Technical and Organizational Security Measures

LJI has implemented and maintains an up-to-date, state-of-the-art security program in accordance with industry standards, which shall include:

Access Control of Processing Areas

Suitable measures to prevent unauthorized persons from gaining access to the data Processing equipment, namely the database and application servers and related hardware, where Personal Data are Processed. This may be accomplished by using a third-party Cloud Platform (currently, AWS). No LJI employee has access to the applicable physical environments. The Cloud Platform (AWS) is responsible for physical and environmental security of data processing systems. Specific measures employed by AWS are described at https://aws.amazon.com/compliance/data-center/controls/

Access Control to Data Processing Systems

Suitable measures to restrict access to Personal Data to only those Service Provider personnel with such authorization; prevent any access to Personal Data and data Processing systems from unauthorized persons. This may be accomplished by:

Availability Control

Suitable measures to ensure that Personal Data are protected from accidental destruction or loss. This may be accomplished by:

Transmission Control

Suitable measures to prevent Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This may be accomplished by:

In addition, Personal Data will not be transferred using email.

Network Security

The Customer data will be encrypted during transmission (e.g., through SSL or SFTP). LJI will maintain multi-layered, enterprise-class network software (e.g., routers, firewalls and load balancers) configured to industry-standard practices for protection against and detection of common network attacks. LJI will monitor its network for attacks.

LJI will ensure the security of network and information systems, and will implement measures which minimize the impact of incidents affecting security.

Input Control

Suitable measures to ensure that it is possible to check and establish whether and by whom Personal Data have been input into data Processing systems or removed. This may be accomplished by:

Separation of Processing for Different Purposes

Suitable measures to ensure that data collected for different purposes can be processed separately. This may be accomplished by:

Application Security

LJI’s system development lifecycle includes a controlled source code management system, peer review, and testing against common vulnerabilities (e.g., the Common Vulnerability Scoring System database and OWASP Top 10 list). LJI leverages static application security testing upon code check-in.

LJI Workstation Security

LJI workstations accessing Personal Data are secured using industry-standard technology and practices (e.g., firewalls, disk encryption, inactivity timeouts / system locks, asset tracking, and anti-malware).

For the avoidance of doubt, Personal Data will not be stored on endpoint computers related to LJI or on any external storage media which do not deploy full encryption.

Training

LJI will ensure that all employees, agents and sub-contractors receive adequate and regular training (including but not limited to compliance, security and privacy training), and will keep records of such training.