1.1 This policy (the "Klaxon Security Policy") governs the technical controls and organisational controls that Klaxon has implemented protect Customer Data.
1.2 References in this Policy to "you" are to any customer for Klaxon and any individual user of Klaxon (and "your" should be construed accordingly); and references in this Policy to "us" are to identify provider(and "we" and "our" should be construed accordingly).
2 Technical Controls
2.1 Encryption of data at rest within the Klaxon web application, using database encryption.
2.2 Encryption of data in transit between the Klaxon web application and Customer endpoints, using SSL encryption.
2.3 Encryption of email alerts sent to the Customer, using TLS encryption, if the Customer supports this.
2.4 Encryption of Microsoft Skype for Business/Microsoft Teams between the Klaxon web application and the Customer endpoints, using SSL encryption.
2.5 Weekly external vulnerability scans of the Klaxon web application.
2.6 SAML/OAUTH based authentication, if the Customer supports this.
3 Organisational Measures
3.1 Klaxon will maintain ‘Cyber Essentials Plus’ certification.
3.2 Annual GDPR / Information Security training.