Effective starting: 01 January, 2025
Security is a core principle of Dotwork’s technology and operations. This policy outlines the security measures implemented by Dotwork to protect Customer Data, ensure compliance, and maintain trust.
Dotwork enforces security measures aligned with industry best practices and regulatory standards, providing enterprise-grade protection while maintaining agility and scalability as the company grows. These measures support regulatory compliance, risk management, and secure business operations as Dotwork expands.
a) Dotwork continuously identifies, assesses, and mitigates security risks through quarterly reviews and ongoing monitoring.
b) Regular tabletop exercises are conducted to evaluate incident response readiness and test security protocols.
c) Security policies and procedures are reviewed annually, or earlier if required, based on emerging threats, regulatory updates, and industry trends.
a) Role-based access controls (RBAC) enforce the principle of least privilege, ensuring employees have only the permissions they need.
b) Multi-Factor Authentication (MFA) is mandatory for all critical systems and administrative accounts.
c) Dotwork conducts quarterly user access reviews to verify role appropriateness and compliance with security policies.
d) Single Sign-On (SSO) is implemented where feasible for centralized authentication management.
e) Password policies enforce complexity requirements, regular rotation cycles, and account lockout policies.
f) Dotwork enforces immediate deactivation of accounts and access revocation as part of the off-boarding process.
g) VPN access is required for remote administrative connections to sensitive systems.
a) Mandatory security awareness training is provided upon hire and annually thereafter for all employees.
b) Role-based security training is required for employees with elevated privileges or specialized security responsibilities.
c) Dotwork conducts ongoing phishing simulations to assess and strengthen employee resilience against social engineering threats.
a) Encryption policies enforce protection for all data in transit (TLS 1.2+) and at rest (AES-256).
b) Firewalls and security groups restrict unauthorized network access based on the principle of least privilege.
a) System activity logs are continuously monitored for anomalies and suspicious activity.
b) Dotwork maintains a centralized logging system to capture security events and access logs in compliance with industry best practices.
c) All critical security incidents are documented, reviewed, and leveraged to improve incident response and security protocols.
a) Annual security assessments evaluate key systems to ensure compliance with security policies and regulatory requirements.
b) Internal security policy reviews occur biannually to align with evolving threats and security best practices.
c) Dotwork will complete a SOC 2 audit within two months (by May 1, 2025) and maintain annual recertification to ensure ongoing compliance with industry standards.
d) Regular vulnerability scans are conducted, with high-severity issues remediated within defined SLAs.