Security Policy
Your code and data are secure with us.
Effective Date: July 29, 2024
Smart Glazier Software takes the security and privacy of your data very seriously. We implement a comprehensive security program that meets industry standards and complies with the General Data Protection Regulation (GDPR). This policy outlines the measures we take to protect your data and keep your source code private.
1. Data Security
- The data we store is outlined in our Privacy Policy.
- We implement security measures to protect customer data from unauthorised access, disclosure, alteration, and destruction. These include:
  - Encryption of sensitive data in backups and in transit.
  - Access controls that limit access based on the principle of least privilege.
  - User activity logging to monitor data access.
- We are committed to complying with the GDPR and its data protection principles.
2. Physical Security
All Smart Glazier Software production servers are housed in top-tier data centres with enterprise-grade security features.
- 24x7 onsite security
- Controlled access requiring proximity badge and/or biometric scanning
- Video surveillance
3. Backups
- All data are backed up to offsite systems
- Our production systems are replicated to our disaster recovery environment in real time.
4. Environmental Controls
- Climate control
- Redundant N+1 cooling system
- Pre-action Fire Suppression
5. Connection Security
- Connections to Smart Glazier Software are made via SSL and HTTPS by default
6. Power
- N+1 UPS Battery Backup Units
- N+1 Backup Power Generators
7. System-Level Security
- All customer data is stored on redundant disk arrays.
- 24/7 server monitoring to identify and address potential security issues promptly.
- All production systems run recent, patched versions of underlying operating systems.
- Non-Smart Glazier Software personnel are not permitted shell access for any reason.
- We enforce security on SGS products at the database level through per-user permissions.
- System usage and change history logs are maintained for security purposes.
8. Data Breach Notification
In the event of a data breach, we will take all necessary steps to contain the incident, investigate the cause, and notify affected users and relevant authorities within the timeframe mandated by GDPR.
9. User Access Controls
We enforce strong password policies and the principle of least privilege for user access controls.
10. Incident Response
We have a documented incident response plan that outlines the steps we will take to identify, contain, and remediate security incidents.