Last modified: October 8, 2019
Our promise to uphold the privacy of PII (personally identifiable data) to the best of our ability is backed by our security practices and that of our associates and sub-processors.
- A culture of privacy is developed and nurtured throughout our corporate organization. Periodic cybersecurity awareness training and knowledge checks are conducted with every employee.
- Best security practices are identified, implemented, and periodically assessed and adjusted in relation to our corporate operations as well as with our sub-processors.
- Annual third-party graybox penetration tests are conducted of my.pdpworks.com and mitigation is performed as needed (certification will be displayed here soon.)
- Monthly vulnerability scans are run and the results are evaluated and action taken if needed.
- Monthly PCI compliance scans are conducted of my.pdpworks.com, our other websites, and our corporate operations to ensure the safety of all credit card transactions.
- All upgrades, updates, or changes to my.pdpworks.com or our operations are evaluated for their potential impact to ongoing data privacy and security.
- The principle-of-least-privilege is practiced among our employees, consultants, and associates to constrain exposure of PII only to those authorized.
- Should any level of data breech be experienced, the event is detailed and logged and when appropriate, reported to the appropriate data protection authorities.
- Data for my.pdpworks.com is securely backed-up many times each day. The Recovery Point Objective (RPO) is as short as two hours and the Recovery Time Objective (RTO) is as short as one hour.
- All back-ups are encrypted at rest and during transit and have very limited accessibility.
- All data-in-transit for all web properties is encrypted via current industry standards.
- Best practice password policies are uniformly enforced among employees, consultants, and associates.
- All security and privacy practices are regularly reviewed and updated as needed.