POLICY CORNER
Security Framework
Version 1.0 - 11th July 2024
At Rx100, we are committed to maintaining the highest standards of security to protect our systems, your data, and your interests. Our comprehensive security framework includes various measures and protocols designed to safeguard against potential threats and ensure the integrity, confidentiality, and availability of information.
Summary
We are dedicated to maintaining superior security standards to safeguard our systems, data, and your interests. We implement robust corporate security measures, including governance frameworks, comprehensive policies, and regular training programs. Our facilities are protected through strict access control, surveillance, and environmental controls.
We secure our infrastructure with network, server, and application security measures, while our data security protocols include encryption, data classification, and retention policies. Access is managed through strong authentication, authorization, and regular access reviews. Operational security is maintained through continuous monitoring, patch management, and robust backup and recovery procedures.
By continuously improving these security components, we aim to provide you with the highest level of security and trust, ensuring that your data and interactions with us remain secure and protected.
Below is a detailed outline of our security strategy:
Corporate Security Measures
Security Governance
- We establish a robust security governance framework to oversee the implementation and maintenance of security policies and practices.
- We define clear roles and responsibilities for security personnel and ensure accountability.
Policies and Procedures
- We develop and enforce comprehensive security policies and procedures that align with industry standards and best practices.
- We regularly review and update policies to address emerging threats and regulatory requirements.
Training and Awareness
- We conduct regular security training programs for all employees to enhance their understanding of security protocols and best practices.
- We promote a culture of security awareness through ongoing education and communication.
Facility Protection
Access Control
- We implement strict access control measures to restrict physical access to facilities, including data centers and offices.
- We use advanced identification and authentication systems to ensure that only authorized personnel can access sensitive areas.
Surveillance
- We utilize surveillance systems, including CCTV cameras, to monitor and record activities within and around facilities.
- We regularly review surveillance footage to detect and respond to any suspicious activities.
Environmental Controls
- We equip facilities with environmental controls such as fire suppression systems, climate control, and power backups to protect against physical threats.
- We conduct regular maintenance and testing of environmental controls to ensure their effectiveness.
Infrastructure Security Measures
Network Security
- We deploy firewalls, intrusion detection/prevention systems, and secure network architecture to protect against network-based threats, including viruses and other malicious intrusions.
- We regularly monitor network traffic for anomalies and potential security breaches.
Server Security
- We harden server configurations and apply security patches promptly to protect against vulnerabilities.
- We monitor server activity continuously to detect unauthorized access or suspicious behavior.
Application Security
- We conduct regular security assessments and code reviews to identify and mitigate vulnerabilities in applications.
- We implement secure development practices and ensure that all applications undergo thorough testing before deployment.
Data Security Protocols
Encryption
- We use strong encryption algorithms to protect data at rest and in transit, ensuring the confidentiality and integrity of sensitive information.
- We regularly review and update encryption protocols to address evolving security standards.
Data Classification
- We implement a data classification scheme to identify and protect sensitive data based on its level of confidentiality and criticality.
- We apply appropriate security controls based on the classification of the data.
Data Retention and Disposal
- We establish data retention policies to ensure that data is retained for the appropriate period and securely disposed of when no longer needed.
Access Control Management
Authentication and Authorization
- We implement strong authentication mechanisms, such as multi-factor authentication, to verify the identity of users.
- We enforce strict authorization controls to ensure that users have access only to the resources they need.
Access Reviews
- We conduct regular access reviews to verify that access privileges are appropriate and revoke access when no longer required.
- We document and track all access review activities for audit purposes.
Password Management
- We enforce password policies that require strong, unique passwords and regular password changes.
- We provide users with secure password management tools to help them manage their credentials.
Operational Security Protocols
Security Monitoring
- We continuously monitor systems and networks for security events and incidents using advanced monitoring tools and techniques.
- We implement real-time alerting and response mechanisms to address potential security threats promptly.
Backup and Recovery
- We implement robust backup and recovery procedures to ensure data availability and integrity in the event of a disaster or data loss.
- We regularly test backup and recovery processes to ensure their effectiveness.
Crisis Management Framework
Crisis Response Plan
- We develop and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents.
- We regularly test and update the incident response plan to ensure its effectiveness.
Crisis Reporting
- We establish clear incident reporting channels and encourage prompt reporting of security incidents.
- We ensure that all reported incidents are documented, investigated, and resolved in a timely manner. We respond promptly and with high priority to security or privacy incidents reported to us through incidents@rx100ventures.com.
Post-Crisis Review
- We conduct post-incident reviews to identify root causes and implement corrective actions to prevent future incidents.
- We document and share lessons learned to improve the overall security posture.
Vulnerability Reporting Protocol
Vulnerability Reporting
- We encourage responsible disclosure of vulnerabilities by establishing a clear process for reporting security issues.
- If you identify any vulnerabilities, please report them directly to us by emailing security@rx100ventures.com.
Collaboration
- We work with security researchers and the broader security community to identify and mitigate vulnerabilities.
- We participate in industry forums and initiatives to stay informed about emerging threats and best practices.
Recognition
- We acknowledge and, where appropriate, reward individuals who responsibly disclose security vulnerabilities.
- We publicly recognize contributors to our security program to encourage continued collaboration.
Vendor Security Protocols
Vendor Assessments
- We conduct security assessments of vendors and third-party service providers to ensure they meet our security requirements.
- We evaluate the security posture of vendors during the selection process and regularly thereafter.
Contractual Agreements
- We include comprehensive security clauses in contracts with vendors to ensure they adhere to our security policies and procedures.
- We require vendors to implement appropriate security measures and provide regular security updates.
Ongoing Monitoring
- We continuously monitor vendor performance and compliance with security requirements.
- We conduct periodic reviews and audits of vendor security practices to ensure ongoing compliance.
Customer Security Measures
Security Features
- We provide customers with security features and tools to protect their data and manage access to their accounts.
- We regularly update and enhance security features to address evolving threats and customer needs.
Support
- We provide prompt and effective support to customers for security-related issues and inquiries.
- We establish clear communication channels for reporting and resolving security concerns.
Conclusion
Rx100 is dedicated to maintaining a secure environment for our systems, data, and customers. By implementing and continuously improving upon these security components, we aim to protect against threats and ensure the highest level of security and trust. For any further queries on this topic, write to us at security@rx100ventures.com.