Data Loss Prevention (DLP) Policy
By adhering to this policy, Eververse ensures robust protection against data leakage, maintaining the confidentiality, integrity, and availability of sensitive data.
1. Purpose
The purpose of this Data Loss Prevention (DLP) Policy is to establish controls and procedures for preventing unauthorized access, use, or transmission of Eververse's sensitive data. This policy aims to protect customer data, intellectual property, and internal business information from accidental or intentional leakage while maintaining operational integrity.
2. Scope
This policy applies to all employees, contractors, and third-party partners who have access to Eververse’s systems and data. It covers all data handling processes across systems, cloud infrastructure, communication channels, and any external services or tools used by Eververse.
3. Data Loss Prevention Controls
Eververse employs the following DLP controls to protect against data leakage:
3.1 System and Network Monitoring
Uptime monitoring is used to monitor system and network activity in real time, ensuring the early detection of unauthorized access or unusual data transfer patterns. Alerts are automatically triggered if anomalies or suspicious behavior are detected, allowing for immediate intervention.
3.2 Access Control
All access to sensitive data is governed by Role-Based Access Control (RBAC), ensuring that employees have the minimum level of access required to perform their duties. Access to sensitive data is logged and regularly reviewed for any signs of unauthorized access or misuse.
3.3 Encryption
All sensitive data, whether stored in our database (at rest) or transmitted over the network (in transit), is encrypted using industry-standard encryption protocols (e.g., TLS, AES-256) to prevent unauthorized access during storage or transfer.
3.4 Prohibition of Removable Media
The use of removable media (e.g., USB drives, external hard drives, CDs/DVDs) is strictly prohibited within Eververse. Employees are not permitted to use or transfer data via such devices to prevent physical data leakage or unauthorized copying of sensitive information.
3.5 Multi-Cloud Backup
Eververse uses a multi-cloud backup strategy where relevant, securely backing up sensitive data to multiple cloud providers. These backups are encrypted and stored in compliance with retention policies to ensure data availability without the risk of accidental or unauthorized distribution.
3.6 Email and Communication Monitoring
DLP tools are integrated with communication platforms (e.g., email) to monitor outgoing communications for sensitive information (e.g., personally identifiable information (PII), financial data). Alerts are triggered when sensitive information is identified in unapproved communications, preventing accidental or unauthorized transmission.
3.7 Cloud Storage Monitoring
Eververse uses cloud services that have built-in DLP mechanisms, such as automatic encryption of cloud-stored data and activity monitoring to prevent unauthorized data access or transfer.
4. Responsibilities
- Employees: All employees must adhere to this policy and ensure that they handle sensitive data according to Eververse’s DLP controls. Employees are responsible for reporting any data loss incidents or violations.
- IT and Security Teams: Responsible for implementing and managing DLP systems, monitoring data usage, and ensuring compliance with this policy.
- CISO: Oversees the DLP program, regularly reviews DLP controls, and ensures that adequate protections are in place to mitigate data leakage risks.
5. Incident Response
In the event of a suspected data loss incident:
- The incident must be reported immediately to the IT and Security Teams.
- The Incident Response Team (IRT) will investigate and mitigate the issue, leveraging system logs from BetterStack and cloud provider audit trails to determine the source and scope of the incident.
- If necessary, the affected data will be recovered from secure multi-cloud backups.
6. Policy Review and Updates
This Data Loss Prevention Policy will be reviewed annually or in response to any significant changes in Eververse’s infrastructure, business operations, or data security landscape.
7. Contact Information
For any questions or clarifications regarding this Data Loss Prevention Policy, please contact us.