9. Do you have an encryption policy which covers data encryption in transit and at rest?
“The Tool itself runs using a 2048-bit modulus RSA key, SHA256 used for hashing, AES (256-bit) used for encryption. It is Verified by Comodo. This ensures the site you connect to is who it says it is (generalaudittool.com), thus eliminating man in the middle attacks. It also ensures that any data transferred is moved inside an HTTPS tunnel, from Google to the audit tool and from the audit tool to your browser.
10. Do you undertake security testing and audits such as penetration testing and internal and external vulnerability scanning?
We depend on Google for security and pen testing.
11.Do you have a Security/ Breach Incident Management Policy and Procedure in place?
In the event of a customer data breach, we have a declared policy of customer notification. The response to any specific incident will depend on the nature of the incident and is not defined in specific terms.
12.Do you have a Business Continuity Policy in place?
For business continuity of our cloud services, we are dependent on GCP business continuity.
14.You are based in Ireland, and run services on the North American GCP. Could you please confirm your view as to whether this means that data transfers outside of the EU?
Yes, we are based in Ireland. We state so clearly on our website. Yes, our services are run 100% from GCP in North America. It is our view that data is transferred out of the EU and its protection is covered by Google under the EU/US data protection umbrella agreement. We as a data processor are covered directly by EU law.
15. What data do we work with?
We process and store metadata.
16. Where is the metadata stored?
It’s stored on Google Cloud Platform (GCP). The GCP is located in the US-central region (Google Data Center: Council Bluffs, Iowa, USA).
17. How is my metadata kept secured?
Data at rest is encrypted with AES-256 algorithm.
18. Is my metadata secure during transit?
Data in transit is encrypted with TLS.
19. Who has access to my metadata?
Engineers responsible for production environment and Support engineers can have access to their metadata.
20. How is metadata accessed via Google API?
This metadata is accessed directly from G Suite via HTTPS, the same encryption standard that you use to access G Suite.