Last Updated: August 15, 2025
This Information Security Policy outlines the framework of security controls and measures implemented by Algiz ("we," "us," or "our") to protect the confidentiality, integrity, and availability of our systems and the data we process on behalf of our customers.
This policy applies to all Algiz employees, contractors, and the entire technology infrastructure used to deliver the Algiz Service, including all hardware, software, and data hosted on Amazon Web Services (AWS).
Head of Security: Is responsible for the development, implementation, and maintenance of this security policy and related procedures.
Engineering Team: Is responsible for implementing and maintaining security controls within the application and infrastructure, adhering to secure coding practices, and performing regular security assessments.
All Employees and Contractors: Are responsible for understanding and complying with this policy in their daily activities.
We classify data into the following categories to ensure appropriate levels of protection:
Customer Data: Any data that we process on behalf of our customers through their use of the Service. This is our most sensitive category of data. It is treated as strictly confidential and is protected with the highest level of security controls.
Confidential Information: Non-public business information, such as financial data, strategic plans, and intellectual property. Access is restricted on a need-to-know basis.
Internal Data: Information that is not intended for public disclosure but has a lower sensitivity than Confidential Information, such as internal documentation.
Public Data: Information intended for public consumption, such as marketing materials on our website.
All Customer Data is encrypted both in transit (using TLS 1.2 or higher) and at rest.
A formal access control policy is in place to manage access to all systems and data. Our approach is based on the principles of least privilege and separation of duties.
Authentication: User authentication for the Algiz Service is managed by AWS Cognito. All user passwords are required to meet complexity standards. We enforce Multi-Factor Authentication (MFA) for all administrative access to our production environment.
Authorization: Access to systems and data is granted based on job role and responsibilities. We utilize AWS Identity and Access Management (IAM) roles and policies to enforce the principle of least privilege for all access to our AWS resources.
Access Reviews: Access rights are reviewed on a quarterly basis, and immediately upon a change in role or termination of employment.
Our entire production environment is hosted within Amazon Web Services (AWS), leveraging the security and compliance controls it provides.
Network Segmentation: Our production environment is logically isolated within a Virtual Private Cloud (VPC). We use a multi-tiered architecture, and network traffic between tiers is restricted using Security Groups.
Frontend Security: Our web application is served through Amazon CloudFront, which provides protection against common Distributed Denial of Service (DDoS) attacks. We utilize AWS Web Application Firewall (WAF) to protect against common web exploits.
API Gateway: Access to our backend APIs is managed through Amazon API Gateway, which is configured to authorize requests via AWS Cognito and provides throttling to protect against abuse.
Compute Instances (EC2): Our compute resources run on hardened Amazon Machine Images (AMIs). Access is restricted via security groups, and we have a formal patch management process to ensure systems are kept up-to-date with the latest security patches.
Data Storage (S3): All data stored in Amazon S3 is encrypted at rest using AES-256. S3 bucket policies are configured to prevent public access, and access is granted only to authorized IAM roles.
Secure Software Development Lifecycle (SDLC): Security is integrated into every phase of our development process. This includes security design reviews, threat modeling, and secure coding training for our developers.
Vulnerability Management: We conduct regular vulnerability scans of our infrastructure and applications. Critical vulnerabilities are remediated according to a defined timeline based on severity.
Third-Party Libraries: We maintain an inventory of all third-party libraries and dependencies. These are regularly scanned for known vulnerabilities.
We have a formal Incident Response Plan to ensure a timely and effective response to any security incidents. The plan includes the following phases:
Preparation: Maintaining tools and procedures for incident response.
Detection & Analysis: Identifying and assessing the scope and severity of an incident.
Containment, Eradication & Recovery: Taking steps to contain the incident, remove the threat, and restore systems to normal operation.
Post-Incident Activity: Conducting a root cause analysis and implementing corrective actions to prevent recurrence.
In the event of a security breach affecting Customer Data, we will notify affected customers in accordance with our contractual and legal obligations.
We are committed to ensuring the availability of our Service.
Data Backup: We perform regular, automated backups of our critical data. Backups are encrypted and stored securely.
Disaster Recovery: Our infrastructure is designed for high availability and is deployed across multiple AWS Availability Zones. We conduct annual disaster recovery tests to ensure our ability to restore the Service in the event of a major outage.
This Information Security Policy is reviewed and updated at least annually, or in response to significant changes in our security posture or the threat landscape.
For any questions or concerns regarding our security practices, please contact us at info@bmkcybersecurity.com.