Trust Center Details

Humanicer is dedicated to maintaining the highest standards for security, privacy, and compliance. Our detailed security measures and transparent data practices protect your content while using our services. We regularly review and update our protocols to adapt to evolving challenges.

GDPR
CCPA
PCI DSS
CASA Tier 2
DPF

Controls

Updated: 19.05.2025

Infrastructure Security

Control
Status

Unique production database authentication enforced

The company requires authentication to production databases to use authorized secure authentication mechanisms, such as a unique SSH key.

Encryption key access restricted

The company restricts privileged access to encryption keys to authorized users with a business need.

Unique account authentication enforced

The company requires authentication to systems and applications to use a unique username and password or authorized Secure Shell (SSH) keys.

Production application access restricted

System access is restricted to authorized access only.

Production database access restricted

The company restricts privileged access to databases to authorized users with a business need.

Production OS access restricted

The company restricts privileged access to the operating system to authorized users with a business need.

Production network access restricted

The company restricts privileged access to the production network to authorized users with a business need.

Unique network system authentication enforced

The company requires authentication to the production network to use unique usernames and passwords or authorized Secure Shell (SSH) keys.

Remote access MFA enforced

The company's production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.

Remote access encryption enforced

The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

Log management utilized

The company utilizes a log management tool to identify events that may have a potential impact on the company's ability to achieve its security objectives.

Infrastructure performance monitored

An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.

Organizational Security

Control
Status

Production inventory maintained

The company maintains an inventory of all production systems, including those that process, store, or transmit customer data.

Anti-malware technology utilized

The company utilizes anti-malware technology to detect and prevent unauthorized software on corporate workstations and servers.

Employee background checks performed

The company performs background checks on all new employees in accordance with local laws and regulations.

Security awareness training conducted

Employees are required to complete security awareness training upon hire and annually thereafter.

Information security policy maintained

The company maintains an information security policy that is reviewed and updated at least annually.

Vulnerability scans conducted

The company conducts vulnerability scans on its production systems at least quarterly.

Security incident response plan established

The company has established and maintains an incident response plan that is tested at least annually.

Security assessments conducted

The company conducts security assessments of its production environment at least annually.

Product Security

Control
Status

Data encryption utilized

Sensitive data is encrypted at rest using industry-standard encryption algorithms.

Control self-assessments conducted

The company conducts self-assessments of its security controls at least quarterly.

Data transmission encrypted

Data transmitted over the internet is encrypted using TLS 1.2 or higher.

Security code reviews performed

Code changes are subject to security reviews before being deployed to production.

Penetration testing conducted

Independent penetration tests are conducted at least annually on the production environment.

Secure development lifecycle implemented

The company follows a secure development lifecycle methodology that includes security requirements, design reviews, code reviews, and testing.

Vendor risk assessments conducted

The company conducts risk assessments of third-party vendors prior to engagement and periodically thereafter.

Internal Security Procedures

Control
Status

Continuity and Disaster Recovery plans established

The company has established and maintains business continuity and disaster recovery plans to ensure service availability during disruptive events.

Continuity and disaster recovery plans tested

The company's business continuity and disaster recovery plans are tested at least annually to ensure their effectiveness.

Cybersecurity insurance maintained

The company maintains cybersecurity insurance coverage to mitigate potential financial impact from security incidents.

Incident response procedures documented

The company maintains documented incident response procedures to address security incidents promptly and effectively.

Data and Privacy

Control
Status

Data retention procedures established

The company has established and maintains data retention procedures that specify the duration of time data is kept before being securely deleted.

Data classification policy established

The company has established and maintains a data classification policy that categorizes data based on sensitivity and dictates appropriate handling.

Privacy policy maintained

The company maintains a privacy policy that outlines how user data is collected, used, stored, and protected.

Privacy impact assessments conducted

The company conducts privacy impact assessments for new products and features that involve the processing of personal data.

GDPR compliance maintained

The company maintains compliance with the General Data Protection Regulation (GDPR) for European users.

Data processing agreements maintained

The company maintains data processing agreements with all third-party vendors that process personal data on its behalf.

Security policies established and reviewed

The company's information security policies and procedures are documented and reviewed at least annually.

System changes communicated

The company communicates system changes to authorized internal users.

Incident response policies established

The company has security and privacy incident response policies and procedures that are documented and communicated to authorized users.

Incident management procedures followed

The company's security and privacy incidents are logged, tracked, resolved, and communicated to affected or relevant parties by management according to the company's security incident response policy and procedures.

Physical access processes established

The company has processes in place for granting, changing, and terminating physical access to company data carriers based on an authorization from control owners.

Data center access reviewed

The company reviews access to the data centers at least annually.

Risk management program established

The company has a documented risk management program in place that includes guidance on the identification of potential threats, rating the significance of the risks associated with the identified threats, and mitigation strategies for those risks.

Vendor management program established

The company has a vendor management program in place. Components of this program include: a critical third-party vendor inventory; vendor security and privacy requirements; and review of critical third-party vendors at least annually.

Data retention procedures established

The company has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.

Data classification policy established

The company has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.
