unmess's Security

unmess recognises the paramount importance of data security and the fiduciary trust entrusted to us by our clients to safeguard their sensitive information. In safeguarding your financial data, we rely on a comprehensive suite of managed services, each rigorously vetted and demonstrably adhering to the highest industry security standards and established protocols. This document comprehensively outlines our robust security measures and the accompanying certifications attained by the integrated services, all in the ongoing pursuit of guaranteeing the most comprehensive data protection for our valued clientele.

unmess: All our managed services are SOC II-compliant.

Firebase

Certifications: SOC II
Security Information

GoCardless

Certifications: SOC II
Security Information

Teller

Certifications: SOC II
Security Information

Cloudflare

Certifications: SOC II
Security Information

DigitalOcean

Certifications: SOC II
Security Information

AWS

Certifications: SOC II
Security Information

Sentry

Certifications: SOC II
Security Information

unmess Security Practices

unmess ensures data security through the following measures:

Network Segmentation:

To enhance security, unmess maintains its web servers and databases on separate network segments. This segregation restricts lateral movement within the infrastructure, further safeguarding client data.

Data Retention:

unmess respects the right to data erasure. Client data is securely deleted upon request or automatically following the termination of subscription services. Retention periods may be subject to applicable legal or regulatory requirements.

Encryption Protocols:

unmess prioritises data security by utilising industry-standard encryption protocols such as TLS. These protocols provide robust safeguards against unauthorised access and data breaches.

Cloud & Managed Infrastructure:

unmess leverages Amazon Web Services (AWS) cloud infrastructure. Benefitting from years of collective security expertise and continuous security enhancements, AWS provides a highly secure and reliable platform for unmess's operations.

Access Control:

Stringent access controls are implemented to limit data access to authorised unmess personnel only. This mitigates the risk of unauthorised access and data mishandling.

Real-time Surveillance:

unmess deploys continuous system monitoring, generating immediate alerts for any suspicious activity. This proactive approach enables prompt response to potential security threats, minimising potential damage.

Comprehensive Logging:

Detailed logs of all API calls are maintained, facilitating tracing and auditing of system activity. These logs serve as a valuable resource for security analysis and investigation, enhancing forensic capabilities and incident response.

Launch and SOC II Compliance:

unmess is committed to data security and operational excellence. We are actively pursuing Service Organisation Control 2 (SOC 2) compliance, targeted for completion in Q4 2024. Achieving SOC 2 certification will further demonstrate our commitment to robust security controls and data confidentiality.

unmess Information Security Policy

1. Introduction

This policy outlines the measures unmess takes to protect banking transaction data, accounting data, and billing data, ensuring its confidentiality, integrity, and availability. This policy applies to all employees, including the CEO, CMO, and CTO, and any future personnel.

2. Purpose

unmess is committed to safeguarding sensitive financial information from unauthorised access, disclosure, alteration, or destruction. This policy establishes the framework for achieving this objective.

3. Roles and Responsibilities

  • CEO, CMO, and CTO: These individuals are responsible for implementing and enforcing this policy, ensuring compliance, and conducting regular reviews.

  • Employees: All personnel must adhere to the security protocols outlined in this policy and take necessary precautions to protect confidential information.

4. Risk Management

The primary focus of unmess's risk management strategy is cybersecurity. Due to the nature of our business and reliance on cloud services, we prioritise protection against online threats.

5. Data Protection

  • Cloud Storage: unmess utilises secure cloud platforms like AWS and DigitalOcean to store sensitive data.

  • Least Privilege Access: Even within the small team, the principle of least privilege is applied, granting access only to the data and systems necessary for each role.

6. Physical Security

As unmess operates remotely, the focus is on securing individual work environments and ensuring the physical security of devices used to access or store confidential data. AWS data centres provide an additional layer of physical security for stored data.

7. Network Security

  • Cloud-Based Security: unmess leverages AWS's built-in security features, including firewalls and intrusion detection, to protect our network infrastructure.

  • Secure API Integration: Secure protocols and encryption are applied when integrating with other services.

8. Incident Response and Recovery

A basic protocol for responding to potential security incidents, including data breaches or unauthorised access attempts, is established. This protocol includes notification procedures, containment measures, and a process for restoring affected systems. Regular backups of critical data are maintained on secure cloud platforms to facilitate recovery in case of incidents.

9. Compliance and Auditing

unmess adheres to all relevant regulations pertaining to financial data handling, including the General Data Protection Regulation (GDPR). We conduct regular reviews of security settings in cloud services and internal systems to ensure continued compliance.

10. Training and Awareness

unmess recognises the importance of ongoing security awareness and education. As a small team, we prioritise continued learning about emerging security threats and best practices. We encourage employees to take advantage of training resources provided by cloud service providers like AWS and DigitalOcean, as well as API vendors.

11. Policy Review and Update

To adapt to the ever-changing technological landscape and the growth of the company, this policy will be reviewed and updated regularly. All personnel will be notified of any changes to the policy and required to acknowledge their understanding.

12. Acknowledgement of Understanding

All employees must acknowledge their understanding and acceptance of this policy through a signed attestation form.

Conclusion

unmess remains firmly committed to the unwavering protection of your financial data. Our ongoing deployment of rigorously certified managed services and industry-best security measures demonstrably reflects our unwavering dedication to upholding the most stringent data security and privacy standards. We actively encourage you to explore the accompanying security documentation, which provides comprehensive details on the robust security protocols employed by each managed service. If you have questions or concerns about our security practices, please reach out to our team at privacy@unmess.xyz.

© 2024 unmess. All rights reserved.
