Security & Compliance
Security and privacy are coded into our DNA, so you can rest easy with a truly secure platform
Security and Privacy are of utmost importance and are given the highest priority at Almond Solutions. We are committed to protect the confidentiality, integrity, availability, and privacy of our information systems and customer’s data through the implementation of numerous controls.
Almond Solutions invests heavily in security and privacy framework to ensure we meet or exceed industry standards, applicable law & regulations, and most importantly, our customer’s expectations.
A virtual event management platform that is secured by design
Data is entirely encrypted whether in transit or at rest using the industry-standard AES-256 encryption algorithm. Encryption is enforced via TLS to all data in transit. Only secure access (HTTPS) to the Almond Solutions website and platform is allowed.
Stringent access management controls are in place to grant authorized users the right to use a service while restricting access to unauthorized users. Almond Solutions has implemented security policies across all systems (including APIs), platforms, applications, and devices to identify security violations, remove unauthorized access privileges, and revoke access if necessary. Role-based access controls and least privilege access controls are in place.
Backup and Disaster Recovery (DR)
Automated full-time backups are taken of the databases to mitigate the risk of losing customer data due to disk corruption. Periodic backup and restoration tests are performed to ensure easy and timely recovery of data. Disaster Recovery sites are set up to ensure minimal loss and support business continuity. Annual disaster recovery drills are conducted to ensure Almond Solutions can respond to disasters and emergencies that affect the information systems. Such drills help minimize the risk of a security mishap on business operations.
Cloud Computing Services & Security
Almond Solutions platform is powered by Amazon Web Services (AWS) for hosting and computing activities since AWS is the world’s most secure cloud platform. AWS maintains and demonstrates tons of compliance programs which are but not limited to SSAE-16 SOC 1, 2, and 3, ISO 27001, etc. Almond Solutions has segregated the production environment from the non-production environment both physically and logically to maintain the confidentiality, integrity, availability (CIA), and privacy of customer’s data.
Privacy by Design
PII Data Protection
Almond Solutions is ISO 27701:2019 and ISO 27018:2019 certified. PII data is collected and processed within the limits of the law and for business use cases agreed with customers. All PII data is deleted once the purpose is fulfilled. Stringent security controls such as encryption, access controls, and multi-factor authentication are in place to protect PII data. PII data is not used for testing purposes.
Almond Solutions has defined an incident management policy to respond and resolve critical incidents. This involves a set of procedures and actions such as – how incidents are detected and communicated, who is responsible, what tools are used, and what steps are taken to resolve the incident.
Vulnerability Assessment & Penetration Testing (VAPT)
Almond Solutions conducts rigorous periodic VAPT with leading independent security consulting firms to obtain a detailed view of the threats that might impact the security and privacy framework of Almond Solutions’ platform and various applications. It helps Almond Solutions to protect data and systems from malicious attacks, which may lead to any kind of data loss and unauthorized access to the systems.
User Authentication and Passwords
Users are authenticated with unique IDs and passwords that are protected by a strong encryption mechanism by using bcrypt. A strict password policy is implemented at Almond Solutions along with multi-factor authentication (MFA) to make the environment more secure.