The locations where your information is kept, such as data centers, offices, and remote storage facilities, will be equipped with suitable and physical security controls.

These precautions consist of:

1. Physical entry to our data centers, where client data is housed, is restricted to authorized personnel exclusively, with access confirmed through biometric methods. Physical security protocols for our data centers encompass on-site security personnel, closed-circuit video surveillance, man traps, and further intrusion prevention measures.

2. Orbee upholds a business continuity and disaster recovery program to guarantee services stay accessible or can be quickly restored in the event of a catastrophe. These strategies are assessed and examined at least once a year.

The networks through which your data is transmitted will be safeguarded against unauthorized access or intrusion, whether originating internally or externally.

The steps taken to ensure this protection are:

1. Conducting regular external and internal vulnerability scans and notifying the pertinent data exporter about any concerns.

2. Sustaining perimeter protections like firewalls and data loss prevention systems.

3. Preserving internal defenses, such as security information event management, to examine log files and detect unusual activities and other potential threats.

The devices and platforms used to store your data, such as servers, workstations, laptops, cloud services, and other portable media, will be safeguarded against recognized threats by:

The steps taken to ensure this protection involve:

1. Implementing and regularly updating anti-virus or anti-malware systems for all operating systems.

2. Ensuring secure configurations are in place for operating systems.

3. Preserving internal defenses like security information event management for log file analysis, aimed at detecting unusual activities and other potential threats.

Your data's confidentiality will be upheld by safeguarding it in every location it is stored and during any instance of transmission.

These practices and protocols might involve:

1. Safely disposing of paper, equipment, media, and data.

2. Ensuring the security of data during transmission through encryption methods.

Your data will be accessed solely by Orbee authorized personnel through methods such as:

1. Utilizing unique usernames and passwords to access the IT systems hosting your data, including the use of multi-factor authentication for remote system access.

2. Implementing security policies to guarantee that passwords are not shared and that system passwords are updated periodically in accordance with best practice recommendations.

3. Making sure access to your data is authorized and approved.

4. Establishing a distinct separation of responsibilities among users.

5. Granting access based on the principle of least privilege.

6. Revoking access when necessary.

We will ensure that relevant elements of sound security practices are implemented while processing any of your data.

These procedures encompass:

1. Establishing and enforcing policies regarding the secure management and handling of data, and ensuring that all Orbee employees are aware of these policies through awareness training.

2. Making certain that developers receive training and remain current in secure coding techniques.

We will ensure and maintain the integrity of personnel accessing your data by:

1. Evaluating the trustworthiness of Orbee employees who will have access to personal data.

2. Establishing and enforcing policies on the secure handling and care of data, and taking steps to ensure that all Orbee employees are aware of these policies.

3. Reviewing any sub-processors that we will use, to ensure proper security measures are in place.

4. Making certain that any third party adheres to the minimum set of controls prescribed by our information security policies.

5. Third-party subcontractors will be obligated to adhere to technical and organizational measures that are at least as stringent as the measures that we commit to you. We continuously review these measures and update them as needed to align with industry standards. If requested, we will provide you with a description of our current measures.

We have implemented a collection of data breach security procedures that encompass the following components:

1. Identification: Determining the specifics of the incident and devising a diagnostic, containment, and communication plan for those whose data has been impacted.

2. Containment: Restricting the scope of the data compromise.

3. Elimination: Eliminating all facets of the malicious code or configuration, if applicable.

4. Recovery: Restoring data and systems to a known secure state, free from vulnerabilities.

5. Evaluate: Evaluating how to prevent similar occurrences in the future.

6. Alert: Informing relevant stakeholders of the data breach within legally and industry-accepted obligations and timeframes.

Ensuring system availability is our foremost concern. To achieve this, we operate several geographically distributed data centers and have established strong disaster recovery and business continuity plans.