Security at dotData

Last updated: March 2023

Security at dotData

At dotData, we take security seriously, that’s why we have implemented strict security policies and procedures at all levels of our organization.

dotData Security Program highlights

We collect information about you directly from you and from third parties, as well as automatically through your use of our Site or Services.

Infrastructure Security

Service infrastructure maintained: dotData has infrastructure supporting the service patched as a part of routine maintenance and as a result of identified vulnerabilities to help ensure that servers supporting the service are hardened against security threats.

Production application restricted access:  dotData restricts privileged access to the application to authorized users with a business need.

Remote access MFA: dotData’s production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.

Remote access encrypted: dotData’s production systems can only be remotely accessed by authorized employees via an approved encrypted connection. 

Organizational Security

Security Awareness Training: dotData requires employees to complete security awareness training within thirty days of hire and at least annually thereafter.

Password Policy: dotData requires passwords for in-scope system components to be configured according to the company’s policy.

MDM System: dotData has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.

Anti-malware Technology: The company deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

Internal Security Procedures

Development Lifecycle: dotData has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

Vulnerability Scan and Remediation: dotData performs Host-based vulnerability scans at least quarterly on all external-facing systems. Critical and high vulnerabilities are tracked to remediation.

Access Request Requirements: dotData ensures that user access to in-scope system components is based on job role and function or requires a documented access request form and manager approval prior to access being provisioned.Access Reviews: dotData conducts access reviews at least quarterly for the in-scope system components to help ensure that access is restricted appropriately. Required changes are tracked to completion.