Security Policy

Effective Date: 10 November 2024

Archiater Studio is committed to protecting the confidentiality, integrity, and availability of information for all users, clients, and partners. This Security Policy outlines the principles, procedures, and security measures implemented across all our business operations to safeguard data, services, and infrastructure against unauthorized access, disclosure, and misuse.

1. Purpose and Scope

This Security Policy applies to all aspects of Archiater Studio’s operations, including:

  • SaaS-based products
  • Non-SaaS services
  • Website usage
  • Data storage and processing activities

Our Security Policy is designed to protect data in compliance with applicable local regulations (e.g., Malaysia’s Personal Data Protection Act) and international laws, including the General Data Protection Regulation (“GDPR”) where applicable.

2. Security Principles

Our approach to security is based on the following key principles:

  • Confidentiality: Ensuring that sensitive information is accessible only to authorized personnel.
  • Integrity: Maintaining the accuracy and completeness of data to prevent unauthorized modification.
  • Availability: Ensuring that authorized users have consistent, uninterrupted access to the resources and information they need.
  • Accountability: Implementing auditing mechanisms and tracking access to information to ensure responsibility.

3. Data Protection and Privacy

Archiater Studio implements strict controls over the handling, processing, and storage of personal data in accordance with our Privacy Policy. Key practices include:

  • Encryption: All sensitive data, including personal data, is encrypted in transit and at rest using industry-standard encryption protocols.
  • Access Control: Access to personal data is restricted to authorized personnel only, following a least-privilege access model.
  • Data Retention: Data is stored only as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by law.

4. Infrastructure Security

Archiater Studio employs secure and resilient infrastructure to protect the availability and reliability of our Services, including:

  • Firewalls and Intrusion Detection: Network firewalls and intrusion detection and prevention systems are deployed to monitor and defend against unauthorized network activity.
  • Regular Vulnerability Assessments: Routine vulnerability assessments and penetration testing are conducted to identify and address security weaknesses in our systems.
  • Data Centers: We partner with secure, certified data centers that comply with leading security standards, such as ISO 27001, for hosting and storage.

5. Application Security

We are dedicated to maintaining secure SaaS applications through rigorous testing and monitoring:

  • Code Reviews and Security Testing: All software undergoes thorough code reviews and security testing before deployment to identify and remediate vulnerabilities.
  • Secure Development Practices: Our development team adheres to secure coding practices, following OWASP guidelines to minimize security risks.
  • Real-Time Monitoring: SaaS applications are monitored in real time to detect and respond to security threats or anomalies.

6. User Access Management

Archiater Studio ensures that only authorized users have access to the Services through:

  • Identity and Access Management (IAM): We use IAM systems to manage and enforce role-based access controls.
  • Multi-Factor Authentication (MFA): MFA is required for access to sensitive areas of our systems and data.
  • Account Locking and Monitoring: Accounts are automatically locked following repeated failed login attempts, and login activities are monitored for unusual behavior.

7. Incident Response

Archiater Studio has an established Incident Response Plan to detect, respond to, and recover from security incidents. Our approach includes:

  • Detection: Continuous monitoring and automated alerts for security threats.
  • Containment and Mitigation: Immediate actions to contain and mitigate any security incidents to limit impact.
  • Investigation and Remediation: Prompt investigation and remediation of incidents to restore normal operations and address root causes.
  • Notification: For incidents involving personal data, affected individuals and relevant authorities will be notified in compliance with applicable laws, including GDPR and Malaysia’s Personal Data Protection Act.

8. Employee Security Awareness and Training

Our employees are fundamental to our security efforts. Archiater Studio mandates security awareness training for all staff, including:

  • Regular Training: All employees undergo regular training on data security practices, privacy protection, and safe handling of client data.
  • Phishing Simulations: Employees participate in phishing simulations and awareness exercises to mitigate risks of social engineering.
  • Access Reviews: Regular reviews of access rights are conducted to ensure compliance with role-based access requirements.

9. Compliance and Regulatory Adherence

Archiater Studio is committed to compliance with all applicable data protection and security regulations:

  • GDPR Compliance: For our clients in the European Union, we ensure that all data processing activities comply with the GDPR, including implementing rights of data subjects.
  • Local Compliance (Malaysia): We adhere to Malaysia’s Personal Data Protection Act (PDPA) and other relevant regulations for the secure handling of personal data.
  • Audits and Certifications: Our systems and processes undergo periodic audits to ensure compliance with these standards and regulations.

10. Third-Party Security

Archiater Studio works with third-party vendors and service providers to deliver some aspects of our Services. We ensure that:

  • Vendor Security Assessments: All third-party vendors undergo rigorous security assessments before onboarding.
  • Data Sharing Agreements: Data shared with third-party vendors is governed by strict data processing agreements to protect personal data.
  • Ongoing Monitoring: The performance and security of third-party vendors are monitored and evaluated on an ongoing basis.

11. Website Security

Archiater Studio’s website is designed with security features to protect users’ information, including:

  • HTTPS Protocols: Our website is secured by HTTPS to encrypt all user data in transit.
  • Google reCAPTCHA: Certain forms on our website are protected by Google reCAPTCHA to prevent automated abuse.
  • Cookie Management: Users have control over cookies and tracking technologies, in compliance with our Privacy Policy and GDPR.

12. Client Responsibilities

Clients also play a critical role in maintaining security. Archiater Studio requires clients to:

  • Safeguard Account Credentials: Clients must maintain the confidentiality of their login credentials and immediately notify us of any suspected unauthorized access.
  • Implement Security Measures: Clients should implement their own security protocols, such as MFA, when accessing our Services.
  • Comply with Legal Obligations: Clients must comply with applicable data protection laws and ensure that their end-users understand their responsibilities.

13. Changes to Security Policy

Archiater Studio reserves the right to update or modify this Security Policy as necessary. We will provide notice of any significant changes via our website, and your continued use of our Services constitutes acceptance of these changes.

14. Contact Information

If you have questions about our Security Policy, please contact us at:

Archiater Studio
support@archiaterstudio.com
Lorong Kudalari, 50450 Kuala Lumpur

last updated 5 months ago
