1. Purposes and Scope
LogicGate has implemented and will maintain the following security measures for the protection of confidential information and/or Customer Data, once a Customer or its end-users, including third parties, upload or otherwise input data or information into the LogicGate platform, including, without limitation, any information submitted in response to vendor questionnaires or online forms sent to third parties using LogicGate’s platform service (hereafter, “the LogicGate Service” or “the platform”).
The security practices set forth below apply when LogicGate processes, transmits, or stores confidential information and/or Customer Data, including during LogicGate’s provision of services through the platform and infrastructure that hosts confidential information and/or Customer Data.
2. LogicGate Technical and Organizational Measures
|Organization of Information Security||Security Ownership. LogicGate has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures.
Information Security Policies. LogicGate maintains a management-approved corporate information security policy, or set of information security policies, defining responsibilities and setting out LogicGate’s approach to information security, which includes physical, administrative and technical safeguards. Such policies have been published and communicated to employees, contractors, and relevant external parties.
Senior Management Commitment. LogicGate’s Information Security Manager (or designee) develops, maintains, reviews, and approves LogicGate’s security, availability, and confidentiality standards and policies.
Risk Management. LogicGate has a formal cybersecurity risk assessment and management process which includes mitigation of any identified findings. LogicGate ranks and reviews all identified risks at a minimum annually.
|Access Management||LogicGate access management program. LogicGate maintains an access management program for LogicGate’s access to Customer Data, applicable where LogicGate maintains access to Customer Data. Management of the program is facilitated through the use of an enterprise single sign-on (SSO) solution.
|Authentication||LogicGate provides the following controls to manage the authentication of end-users to the platform:
|Personnel Security||LogicGate requires the following for all employees:
Additionally, LogicGate has established policies for disciplinary action, up to and including termination, for noncompliance with security policies and procedures.
|Business Resiliency||Business Continuity Management and Disaster Recovery
LogicGate has a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) in place to manage significant disruptions to its operations and infrastructure, which include, without limitation, the following:
LogicGate employs backup procedures to enhance the security and integrity of the Service.
|Physical & Environmental Security||Customer Data is hosted within Amazon Web Services (AWS) and the physical security of LogicGate’s services is managed by AWS as part of the AWS Shared Responsibility Model.|
|Vulnerability Management, Network Security & Monitoring||Vulnerability Management
Network Security & Monitoring
|Third-Party Certification||LogicGate shall maintain an information security certification from a firm that specializes in enterprise information security assessment and certification.|