Register Login

Security Policy

Security Policy for Asset Inheritance

Effective Date: [Insert Date]

At Asset Inheritance, we are committed to safeguarding the confidentiality, integrity, and availability of our customers' data. This Security Policy outlines the principles and practices we follow to protect the sensitive information we manage through our website and services.

  1. Purpose

The purpose of this policy is to define the security measures and protocols in place to:

  • Prevent unauthorised access, disclosure, alteration, or destruction of data
  • Ensure business continuity and disaster recovery
  • Maintain trust and compliance with data protection regulations such as GDPR and others
  1. Scope

This policy applies to:

  • All data collected and processed by Asset Inheritance
  • All systems, databases, networks, and applications used to operate the Asset Inheritance platform
  • All employees, contractors, and third-party service providers with access to data
  1. Data Classification

All data handled by Asset Inheritance is classified based on sensitivity:

  • Confidential Data: Personal and financial data of customers, including assets, liabilities, identification numbers, and inheritance details
  • Internal Data: Business operations, internal documents, and communications
  • Public Data: Information intended for public access such as marketing materials or blog content

Confidential data receives the highest level of protection.

  1. Access Control

We enforce strict access control measures:

  • Role-Based Access Control (RBAC): Users are granted access based on job responsibilities
  • Least Privilege Principle: Access is limited to the minimum required for a given role
  • Authentication: Strong passwords and multi-factor authentication (MFA) are required for all admin and backend systems
  • Session Management: Automatic session timeouts and restrictions on concurrent logins
  1. Data Encryption

To ensure data confidentiality:

  • In Transit: All data transmitted between users and our servers is encrypted using HTTPS (TLS 1.2 or higher)
  • At Rest: Sensitive data is encrypted using AES-256 or an equivalent encryption standard
  1. Network and Infrastructure Security
  • Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are implemented to monitor and block suspicious traffic
  • Systems are hosted in secure, access-controlled data centres with 24/7 monitoring
  • Regular network vulnerability scans and penetration tests are conducted
  1. Software and Application Security
  • Code is reviewed and tested for vulnerabilities before deployment
  • Secure development practices (e.g., input validation, secure session handling) are followed
  • Security patches and updates are applied promptly to all systems and third-party components
  1. Monitoring and Logging
  • Security logs are maintained for all user access, administrative actions, and system events
  • Logs are reviewed regularly for signs of unauthorised or suspicious activity
  • Anomalies trigger alerts to the security team for immediate investigation
  1. Incident Response

We have an established Incident Response Plan that includes:

  • Identification and containment of the breach
  • Investigation and root cause analysis
  • Notification to affected users and regulatory bodies (if required)
  • Remediation and post-incident review
  1. Employee Security Awareness
  • All employees undergo background checks and sign confidentiality agreements
  • Regular security awareness training is conducted
  • Employees are trained on phishing, social engineering, and data handling best practices
  1. Business Continuity and Disaster Recovery
  • Regular backups of all critical data are taken and securely stored
  • Disaster recovery procedures are in place to restore services in case of system failures
  • Recovery time objectives (RTO) and recovery point objectives (RPO) are defined and tested
  1. Vendor and Third-Party Management
  • Third-party vendors with access to data are assessed for security compliance
  • Contracts include data protection clauses and audit rights
  • Data sharing is minimized and restricted to necessary use cases
  1. Compliance

Asset Inheritance complies with applicable data protection and cybersecurity regulations, including:

  • General Data Protection Regulation (GDPR)
  1. Review and Updates

This Security Policy is reviewed annually or whenever there is a significant change to our infrastructure, services, or regulatory requirements.

  1. Contact

For questions or concerns regarding this policy or to report a security issue, please contact us:

Asset Inheritance Security Team
Email: [email protected]