Product Marketing Alliance cares deeply about the security and privacy of the data you entrust us with, and we understand that our information security practices are important to you.
While we can’t reveal all the details of our practices, we feel it’s important to be as transparent as possible without giving a playbook to the people we’re protecting ourselves against.
Below you will find some general information about how we implement our security and privacy safeguards.
Technical Security Measures
Product Marketing Alliance employs a range of technical security measures to protect its systems, including:
- Servers and network traffic are monitored by industry-standard tools to detect and respond to any potential security breaches.
- Product Marketing Alliance runs on DigitalOcean infrastructure, using best-in-class instrumentation tools that continuously monitor the infrastructure to detect signs of a potential compromise.
- TLS encryption is part of the standard security architecture at Product Marketing Alliance. Core transport services require encryption, such as SSH or HTTPS, to exchange information.
- Encryption technology is used to provide security for online user authentication and administrator sessions.
- Remote data access to production environments or our internal staff application requires a link to the company’s intranet or a connection via a VPN which is subject to a dual authentication mechanism.
- Changes to the infrastructure and back-end environment, including changes to security tools, follow a Software Development Lifecycle (SDLC) that defines coding and release processes.
- All committed code changes are reviewed by an individual that is different than the developer and are tested prior to commit to production.
- To prevent unauthorized access, Product Marketing Alliance uses unified identity management, two-factor authentication, strong passwords, and periodic reviews of access lists to ensure that data is used only as intended.
- Authorized access to internal support tools is controlled by means of a VPN, in addition to a user system requiring a unique, long password.
- All employees that have access to live production infrastructure and applications are required to authenticate with two-factor authentication.
- Unique personnel IDs are used to authenticate to systems.
- Passwords are configured to enforce password length and complexity.
- Login history and failures are tracked.
- Product Marketing Alliance takes the following actions to ensure that the parties authorized to use a data processing system only have access to the data for which they have been specifically cleared, and that stored data or data being processed cannot be read, copied, changed or removed:
- Authorization for Product Marketing Alliance services and internal applications is enforced at all times and at all levels of a given system, with access rights being granted or processed on the basis of the personnel member’s job responsibilities / need-to-know, which is provided via workflow tools.
- Access to production systems is restricted to trained and specifically authorized personnel members. Such access is revoked in the event of an individual’s dismissal or termination of employment. All members of the team with access to production systems may access production solely behind a two-factor authenticated session.
- Product Marketing Alliance uses a centralized logging system. Access to the logging system is restricted to authorized personnel and the logs are protected from modification and deletion from non-admin personnel.
Administrative Security Measures
- Strict policies are in place to address and limit access to our systems. For certain data access tools, tool owners authorize the nature and extent of access privileges prior to granting access. The procedures for requesting and generating certificates to access data for development and production are documented.
- Product Marketing Alliance employees are required to complete security training as part of their onboarding.
- Product Marketing Alliance’s engineering team conducts company-wide security awareness activities to reinforce information security practices and policies.
- Product Marketing Alliance has in place a security incident response process to respond to security issues and concerns.
Physical Security Measures
- Among other measures, Product Marketing Alliance takes the following actions to prevent unauthorized access to personal information:
- Physical access to Product Marketing Alliance’s facilities is restricted behind keycard access and our building is monitored 24/7.
- All individuals must identify themselves to security personnel in order to be admitted to the Product Marketing Alliance offices during business hours and must have a valid employee badge to access outside of business hours.
- There are documented processes in place for the issuance of Product Marketing Alliance building access badges; the possession as well as the return of such badges is tracked and verified
- Only authorized Product Marketing Alliance visitors and building staff are granted access to the premise
If you come across a vulnerability in the Product Marketing Alliance Platform, please email email@example.com instead of sharing it publicly. Product Marketing Alliance takes proactive steps to stay ahead of emerging security threats, and appreciates your cooperation in maintaining the security of our Platform.If you believe the security of your account has been compromised or are seeing suspicious activity in your account, you should change your password immediately and contact firstname.lastname@example.org with any concerns.