Security Policy

1. Infrastructure Security

Our systems are hosted on enterprise-grade cloud infrastructure with redundancy, automatic backups, and disaster recovery capabilities. We use multiple data centers with geographic distribution to ensure service availability and data protection.

2. Data Protection

We implement multiple layers of data protection:

• AES-256 encryption for data at rest
• TLS 1.3 for all data in transit
• Secure key management with HSM (Hardware Security Module)
• Regular encrypted backups with integrity verification
• Data retention policies in compliance with regulations

3. Access Control

Access to systems and data is strictly controlled:

• Multi-factor authentication (MFA) for all users
• Role-based access control (RBAC) with principle of least privilege
• Single sign-on (SSO) integration
• Regular access reviews and privilege audits
• Immediate revocation of access upon termination

4. Network Security

Our network is protected by:

• Enterprise firewalls and intrusion detection/prevention systems
• DDoS protection and mitigation
• Web Application Firewall (WAF)
• Regular network penetration testing
• Network segmentation and isolation

5. Application Security

We follow secure development practices:

• Secure coding standards and code reviews
• Static and dynamic code analysis
• Regular security testing and vulnerability scanning
• OWASP Top 10 vulnerability prevention
• Dependency management and patch updates

6. Compliance & Certifications

Allied iMpact maintains compliance with:

• GDPR (General Data Protection Regulation)
• POPIA (Protection of Personal Information Act)
• ISO 27001 Information Security Management
• SOC 2 Type II audit compliance
• Industry-specific compliance requirements

7. Incident Response

In the event of a security incident:

• 24/7 security monitoring and incident detection
• Documented incident response procedures
• Rapid containment and remediation protocols
• User notification within 72 hours (where required)
• Post-incident analysis and prevention measures

8. Employee Security

Our team is trained in security best practices:

• Mandatory security awareness training
• Background checks and vetting for all employees
• Confidentiality and NDA agreements
• Regular security briefings and updates
• Secure work practices and device management

9. Third-Party Security

We carefully vet and manage third-party service providers through security assessments, contracts with stringent data protection clauses, regular audit and compliance verification, and continuous monitoring.

10. Security Testing & Improvements

We maintain a strong security posture through:

• Quarterly penetration testing
• Annual security audits
• Continuous vulnerability assessments
• Bug bounty program for external researchers
• Regular security updates and patching

11. Reporting Security Issues

If you discover a security vulnerability, please report it responsibly to security@alliedimpact.com. We ask that you do not publicly disclose the issue until we have had time to address it. We take all reports seriously and will acknowledge receipt within 24 hours.

12. Contact Information

For security-related inquiries or concerns, please contact:
Email: security@alliedimpact.com
Phone: Available upon request
Response Time: Security inquiries are prioritized and typically responded to within 24 hours