Last modified: October 24, 2021
Our promise to uphold the privacy of PII (personally identifiable information) to the best of our ability is backed by our security practices and that of our sub-processors.
- A culture of privacy is continually nurtured throughout our corporate organization. Annual cybersecurity awareness training and knowledge checks are conducted with every employee.
- Best security practices are identified, implemented, and periodically assessed and adjusted in relation to our corporate operations as well as with our sub-processors.
- Monthly vulnerability scans are run and evaluated and corrective action taken where needed.
- PCI compliance is maintained and certified annually to ensure the safety of all credit card transactions.
- All upgrades, updates, or changes to my.pdpworks.com or our operations are evaluated for their potential impact to ongoing data privacy and security.
- The principle-of-least-privilege is practiced among our employees, consultants, and associates to constrain exposure of PII and operations only to those authorized.
- Should any level of data breech be experienced, the event is detailed and logged and when appropriate, reported to the appropriate data protection authorities.
- Data for my.pdpworks.com is securely backed-up many times each day. The Recovery Point Objective (RPO) is as short as two hours and the Recovery Time Objective (RTO) is as short as one hour.
- All back-ups are encrypted at rest and during transit and have very limited accessibility.
- All data-in-transit for all web properties is encrypted via current industry standards (SSL/TLS 1.2+). Encryption of data-at-rest is also enforced.
- Best practice password policies and management are uniformly enforced among employees, consultants, and associates.
- All security and privacy practices are regularly reviewed and updated as needed.