Data Security Measures
Wooly, Inc dba Roster Technologies
This document describes the technical and organizational measures we have adopted to ensure that the data we process is safe in our care.
2) In each case, and via the DPA’s, Roster will restrict the subprocessors’ access to customer personal data only to what is necessary to assist Roster in providing or maintaining the services and will prohibit the subprocessor from accessing customer personal data for any other purpose.
3) Vulnerability Scans: Roster shall ensure that vulnerability scans are performed on servers continuously and network security scans are completed at a minimum quarterly, in each case using an industry standard vulnerability scanning tool.
4) Employee-Related Policies:
5) Process-Level Requirements: We will implement the following processes to ensure security and privacy:
6) Application-Level Requirements
7) Data-Level Requirements
8) End User Computing Level Requirements
9) Compliance Requirements
10) Personnel. Roster restricts its personnel from downloading and/or processing Customer Personal Data without authorization by Roster as set forth in the Security Measures and shall ensure that any person who is authorized by Roster to process Customer Personal Data is under an appropriate obligation of confidentiality.
11) Security Incident Response. Upon becoming aware of a Security Incident, Roster will notify Customer without undue delay and, in any case, where feasible, within seventy-two (72) hours after becoming aware. Roster will provide information relating to the Security Incident as it becomes known or as is reasonably requested by Customer to fulfill its obligations as controller and will also take reasonable steps to contain, investigate, and mitigate any Security Incident.
Security Incident Response
1) Executives will immediately confer with each other and with legal counsel regarding any security incident to ensure compliance with legal and contractual obligations.
2) We will notify the impacted customer(s) within seventy-two hours after learning of the incident along with the classification of the incident.
3) We will immediately investigate and mitigate any security incident.
4) Roster will obtain and maintain reasonable insurance to cover itself for cyber liability.