Security & Trust

Autonix deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

Autonix requires passwords for in-scope system components to be configured according to Autonix's policy.

Autonix requires contractors to sign a confidentiality agreement at the time of engagement.

Autonix maintains a formal inventory of production system assets.

Autonix's datastores housing sensitive customer data are encrypted at rest.

Autonix captures system activity, including user activity, in transaction logs.

Autonix's formal policies outline the requirements for the following functions related to IT / Engineering: vulnerability management, system monitoring.

Autonix has security and privacy incident response policies and procedures that are documented and communicated to authorized users.

Autonix management has established defined roles and responsibilities to oversee the design and implementation of information security controls.

Autonix's information security policies and procedures are documented and reviewed at least annually.

Autonix reviews access to the data centers at least annually.

Autonix has processes in place for granting, changing, and terminating physical access to company data centers based on an authorization from control owners.

Autonix's security and privacy incidents are logged, tracked, resolved, and communicated to affected or relevant parties by management according to Autonix's security incident response policy and procedures.

Autonix has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

Autonix has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.

Autonix has a privacy policy is in place that documents and clearly communicates to individuals the extent of personal information collected, Autonix's obligations, the individual's rights to access, update, or erase their personal information, and an up-to-date point of contact where individuals can direct their questions, requests or concerns.

Autonix purges or removes customer data containing confidential information from the application environment, in accordance with best practices, when customers leave the service.

Autonix has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.

Autonix has documented processes and procedures in place to ensure that any privacy-related complaints are addressed, and the resolution is documented in Autonix's designated tracking system and communicated to the individual.

Autonix retains customer transaction data for the life of a customer account. No historic transaction data is purged until the customer account is deleted.

Autonix has a privacy policy available to customers, employees, and/or relevant third parties who need them before and/or at the time information is collected from the individual.

Autonix reviews the privacy policy as needed or when changes occur and updates it accordingly to ensure it is consistent with the applicable laws, regulations, and appropriate standards.

Autonix has established a privacy policy that uses plain and simple language, is clearly dated, and provides information related to Autonix's practices and purposes for collecting, processing, handling, and disclosing personal information.

Autonix has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.