5.4 Application and Database System Security

All applications and database systems are developed or procured with security in mind, adhering to the principle of least privilege and using secure coding practices to minimize vulnerabilities.

We regularly perform security assessments of our applications and databases, including penetration testing and vulnerability assessments. Any identified issues are risk-ranked and addressed based on severity.

Access to applications and databases is controlled and audited, and our systems are configured to alert our Information Security team of any unusual or suspicious activity.

Furthermore, we ensure all our applications and database systems are regularly patched and updated. We have strict change management processes to review, test, and approve any changes or updates to these systems.

To further safeguard our data, we have a secure backup strategy in place, ensuring data is regularly backed up and can be restored in the event of a system failure or data loss. These backups are also encrypted and stored securely.