At Choice Voting, we prioritise the security of our systems and data above all else. As we utilise Amazon Web Services (AWS) in the London region, we are committed to maintaining the highest standards of security to ensure the confidentiality, integrity, and availability of our resources and sensitive information. This policy outlines our security measures and practices for using AWS in the London region:
1. Data Encryption:
- All data transferred between our systems and AWS services will be encrypted using industry-standard protocols such as TLS (Transport Layer Security).
- Data at rest will be encrypted using AWS services such as Amazon S3 Server-Side Encryption and Amazon RDS encryption.
- Sensitive data will be encrypted using strong encryption algorithms before being stored or transmitted.
- Access to AWS resources will be granted on a need-to-know basis, using the principle of least privilege.
- Multi-factor authentication (MFA) will be enforced for all users accessing the AWS Management Console and APIs.
- Identity and Access Management (IAM) roles will be utilised to manage permissions and control access to AWS services.
- Virtual Private Clouds (VPCs) will be used to isolate resources within AWS.
- Network Access Control Lists (NACLs) and Security Groups will be used to control inbound and outbound traffic.
- Regular security audits and vulnerability assessments will be conducted on our VPCs and network configurations.
- AWS CloudTrail will be enabled to provide detailed logging of API activity.
- CloudWatch Logs and CloudWatch Metrics will be used to monitor and detect any suspicious or unauthorised activities.
- Alerts will be configured to notify us of any security breaches or anomalies.
- Data will be stored and processed in the AWS London region in compliance with data residency requirements.
- Regular backups of our data will be performed using AWS services to ensure data availability and business continuity.
- Disaster recovery plans will be established and tested to minimise service downtime in case of any unforeseen events.
- We will comply with relevant industry standards and regulations, ensuring that our use of AWS aligns with any legal and compliance requirements.
- We will only collect and store data that is essential for our operations and services.
- Data will be classified based on its sensitivity, and appropriate measures will be taken to protect it.
- All sensitive data, both in transit and at rest, will be encrypted using strong encryption mechanisms provided by AWS.
- Data access will be granted only to authorised personnel with a legitimate need.
- Sharing of data within AWS resources will follow strict permission and access controls.
- Data retention policies will be established to ensure that data is retained for the necessary period while adhering to legal and compliance requirements.
- Data that is no longer needed will be securely deleted or archived.
- Data will be stored and processed within the AWS London region to adhere to data residency requirements.
- Regular backups of data will be performed to ensure its availability in case of data loss or system failures.
- Regular auditing and monitoring will be conducted to ensure that data is being handled according to policies and standards.
- In the event of a data breach, a clear and effective response plan will be implemented to minimise the impact and notify affected parties as required by law.