SUMADI Data Security Policy

Our services have been designed with security as our number one priority. To protect our customers, we ensure that best practices are applied to our applications, and we follow different processes for the uninterrupted monitoring of our services. SUMADI delivers its services to customers using state-of-the-art security practices that certify that processed data is invariably safe.

SUMADI has implemented different security measures to ensure data protection, customer privacy and platform security for users. Some of these security functionalities are the following:

  • End-To-End Encryption: E2EE is a secure communication process that prevents third parties from accessing data transferred from one endpoint to another. All connections to our services use SSL (TLS 1.3). Certificate keys are frequently changed by our security team to ensure further protection.
  • Classification of Data: We classify all the data we process according to its sensitivity level. The levels we have implemented are Public, Sensitive and Confidential. All our data is handled according to the category it falls under.
  • Physical Security: All our services are hosted in AWS data centers. AWS supplies us with higher-grade industry standards for physical access. AWS has implemented various levels of surveillance in its data centers; any authorized person must pass different access controls, including two-factor authentication on more than one occasion.
  • Access Control and Authentication: We manage access to customer data with permission management systems and web application firewalls, with weekly audits of access to each service implemented in the organization. We review and approve all access to our systems containing Sensitive or Confidential data. We verify and change access for all employees who change functions within SUMADI, and we revoke access to all our assets when an employee leaves the organization.
  • Threat Management: In our Data Protection Impact Assessment (DPIA), we have documented the level of compliance with Privacy and Security frameworks, as well as various processes to follow for mitigating internal and external threats. We require the DPIA where the processing of Personal Data and/or Sensitive Data by SUMADI is likely to result in a risk to the rights and freedoms of individuals.
  • Hardware Security: SUMADI is preparing to implement zero-trust policies and processes that will ensure that Personal Information is secured against unauthorized access, loss, use, modification, disclosure and any mistreatment. SUMADI rigorously secures all devices by applying encryption, access logs, virtual private networks and backups. We are constantly looking for new ways to secure our systems.