WOWzer Technology Inc. Security Program.
WOWZER Technology Inc. (WOWzer) will maintain an information security program designed to:
- Enable Customers to secure Customer Data against accidental or unlawful loss, access, or disclosure.
- Identify reasonably foreseeable risks to the security and availability of the WOWZER Network, a system of interconnected resources that transmit and exchange data and information.
- Minimize the WOWzer Network’s physical and logical security risks through regular risk assessment and testing.
- Designate one or more employees to coordinate and be accountable for the information security program.
WOWzer’s Security Program will include the following measures:
- Access Controls.
WOWzer will make the WOWzer Network accessible only to authorized personnel, and only as necessary to maintain and provide the Services. WOWzer will maintain access controls and policies to manage authorizations for access to the WOWzer Network from each network connection and user, including through firewalls or functionally equivalent technology and authentication controls. WOWZER will maintain access controls designed to:- Restrict unauthorized access to data.
- Segregate each customer’s data from other customers’ data.
- Restricted User Access.
Provision and restrict user access to the WOWzer Technology Inc. (WOWzer) will maintain an information security program designed to:
- Enable Customers to secure Customer Data against accidental or unlawful loss, access, or disclosure.
- Identify reasonably foreseeable risks to the security and availability of the WOWZER Network.
- Minimize the WOWzer Network’s physical and logical security risks through regular risk assessment and testing. WOWzer’s Network includes interconnected resources that transmit and exchange data and information.
- Designate one or more employees to coordinate and be accountable for the information security program.
Technology Inc. (WOWzer) will maintain an information security program designed to:
- Enable Customers to secure Customer Data against accidental or unlawful loss, access, or disclosure.
- Identify reasonably foreseeable risks to the security and availability of the WOWZER Network.
- Minimize the WOWzer Network’s physical and logical security risks through regular risk assessment and testing. WOWzer’s Network includes interconnected resources that transmit and exchange data and information.
- Designate one or more employees to coordinate and be accountable for the information security program.
Technology Inc. (WOWzer) will maintain an information security program designed to:
- Enable Customers to secure Customer Data against accidental or unlawful loss, access, or disclosure.
- Identify reasonably foreseeable risks to the security and availability of the WOWZER Network.
- Minimize the WOWzer Network’s physical and logical security risks through regular risk assessment and testing. WOWzer’s Network includes interconnected resources that transmit and exchange data and information.
- Designate one or more employees to coordinate and be accountable for the information security program.
- Network by least privilege principles based on personnel job functions.
- Require review and approval before provisioning access to the WOWZER Network above least privileged principles, including administrator accounts.
- Perform quarterly review of WOWzer Network access privileges and, where necessary, promptly revoke WOWzer Network access privileges.
- Require multi-factor authentication to access the WOWzer Network from all locations.
- Vulnerability Assessments.
WOWzer will perform regular external vulnerability assessments and penetration testing of the WOWzer Network, investigate identified issues, and track them to resolution promptly. - Application Security.
Before publicly launching new Services or significant new features of Services, WOWzer will perform application security reviews designed to identify, mitigate, and remediate security risks. Minor changes or bug fixes will be implemented as needed. - Change Management.
WOWzer logs, authorize, test, approve and document changes to existing WOWzer Network resources and will document change details within its change management or deployment tools. WOWzer will test changes according to its change management standards before migration to production. - Data Integrity.
WOWzer will maintain controls designed to provide data integrity during transmission, storage, and processing within the WOWZER Network. WOWzer will allow Customers to delete Customer Data from the WOWzer Network. - Business Continuity and Disaster Recovery.
WOWzer maintains a risk management program to support the continuity of its critical business functions (“Business Continuity Program”). The Business Continuity Program includes processes and procedures for the identification of, response to, and recovery from events that could prevent or materially impair WOWzer’s provision of the WOWzer Services. - Incident Management.
WOWzer has incident response plans to respond to potential security threats to the WOWZER Network. WOWzer incident response plans will have defined processes to detect, mitigate, and investigate security incidents. - WOWzer has implemented redundant systems for the WOWzer Network designed to minimize the effect of a malfunction on the WOWzer Network and implement automated processes designed to move customer data traffic away from the affected area in the case of hardware failure.
- Employee Security Training.
WOWzer has implemented employee security training programs regarding WOWzer’s information security requirements. The security awareness training programs will be reviewed and updated at least annually. - Background Checks.
Where permitted by law and to the extent available, WOWzer will require that each employee undergo a background investigation that is reasonable and appropriate for that employee’s position and level of access to the WOWzer Network. - Continued Evaluation.
WOWzer conducts periodic reviews of the information security program for the WOWzer Network. WOWzer will update its information security program to respond to new security risks and take advantage of new technologies.