Measures
Personnel Security
Background Checks. Screendesk conducts background checks for employees and contractors with systems access to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Confidentiality. Screendesk personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Screendesk's internal policies.
Security Education and Awareness Training. Screendesk personnel are required to attend security and privacy training upon hire and annually thereafter.
Organizational Security
Access Controls. Screendesk implements access provisioning based on the principle of least privilege and access removal controls promptly upon termination.
Multi-factor Authentication (MFA). Screendesk employs multi-factor authentication for access across our production environment and internal systems containing Customer Data.
Passwords. Screendesk requires and enforces password complexity requirements where passwords are employed for authentication (e.g., login to workstations). These requirements include restrictions on password reuse and sufficient password strength.
Anti-Virus and Malware. Screendesk employs an anti-virus and malware solution with daily signature updates for end user devices.
Endpoint Security. Screendesk-issued devices are configured by Screendesk's endpoint management solutions which include inactivity screensaver timeouts, full disk encryption, remote data wipe and lock capabilities, and regular patching.
Information Security. Screendesk personnel are required to acknowledge and comply with Screendesk Information Security policies and standards. Noncompliance is subject to disciplinary action, up to and including termination of employment.
Monitoring and Incident Response. Screendesk maintains incident detection capabilities and a documented incident response program. In the event of an incident, Screendesk will promptly take reasonable steps to minimize harm and secure Customer Data.
Data Practices
Industry Standard Encryption. Data in transit is encrypted using TLS 1.2+, and data at rest is encrypted using AES-256.
Retention and Deletion. Screendesk maintains backup data for up to 30 days after a video has been permanently deleted by an end user. Video data is then permanently deleted.
Secure Destruction. Screendesk's primary hosting provider complies with Department of Defense standards for secure erasure and secure decommissioning of storage media.
Storage. Screendesk stores data in a multi-tenant environment hosted on AWS servers and logically isolates Customer Data.
Network Protection
Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied and only explicitly allowed ports and protocols are allowed based on business need. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.
Monitoring, Logging, and Alerting. Screendesk logs application logs to monitor for any suspicious activity. This is done using an SIEM (Security Incident and Event Management) tool. All alerts are triaged by Screendesk's Security Team and a security incident is raised after log introspection.
Application Security
Vulnerability Scanning. Screendesk has a robust vulnerability management program which is used to define security risk scores, severity ratings and SLAs. This program helps prioritize security fixes and identify compensating controls.
Dependency Management. Screendesk ensures both application level dependencies and OS level packages are updated regularly to patch security issues. Github Dependabot is used for application level libraries and Trivy (OSS) are used for OS level packages.
Static Application Security Testing (SAST). Screendesk utilizes SAST to identify security vulnerabilities in our source code. This is integrated as a pull request level check in Github which preemptively identifies security issues before a branch is merged to Screendesk's main branch.
RBAC (Role Based Access Control). Screendesk uses IAM (Identity and Access Management) policies to enforce strict access controls for employees to access customer personal data and videos. All user activity is logged and monitored for anomalies.
Data Hosting
Data Centers. Screendesk hosts data on Amazon Web Services (AWS), which maintains internationally recognized world-class compliance certifications and reports. AWS maintains industry-leading security practices, offers state-of-the art environmental and physical protection for the services and infrastructure that comprise Screendesk's operating environment.
Backups. Screendesk conducts periodic database backups. Backups are retained for 30 days during the normal course of operations.
Replication. Screendesk also replicates databases and database backups in alternate availability zones. We perform regular backups and restoration testing.
Redundancy. Screendesk's infrastructure has been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. This design allows Screendesk to perform maintenance and improvements of the infrastructure with minimal impact on the production systems.
Business Continuity. Screendesk replicates data across multiple systems to help protect against accidental destruction or loss.
Subprocessors
Due Diligence. Screendesk conducts security reviews for vendors prior to onboarding to ensure adequate level of security, compliance, and privacy for the scope of services provided.
Last updated