Security Policy
1. DATA PROTECTION
Encryption
All data, including data at rest and in transit, is encrypted using industry-standard encryption protocols to ensure that data is protected against unauthorized access.
Access Control
Access to data and systems is based on the principle of least privilege (PoLP). Employees and users are granted access rights and permissions strictly necessary to perform their job functions.
Data Retention and Disposal
Data is retained only for as long as necessary to fulfill the stated purposes. We follow secure deletion practices for data no longer required.
2. SYSTEM SECURITY
Security Patches
Regular updates and patches are applied to all operating systems, applications, and network infrastructure to protect against known vulnerabilities.
Network Security
Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are deployed to monitor and protect against unauthorized access and threats.
3. CLOUD ENVIRONMENT SECURITY
Cloud Service Provider (CSP) Collaboration
We work closely with our CSP to ensure that the cloud infrastructure is configured and managed in a secure manner. This includes utilizing the CSP's security tools and best practices.
Isolation
Environments (development, testing, production) are isolated to prevent unauthorized access and data leakage between environments.
Cloud Data Security
We leverage cloud-native security features such as identity and access management (IAM), data encryption, and activity monitoring to enhance our security posture.
4. INCIDENT RESPONSE AND MANAGEMENT
Incident Response (IR)
A comprehensive IR process is in place to ensure a prompt and effective response to security incidents. The plan includes incident identification, assessment, containment, eradication, recovery, and post-incident analysis procedures.
Reporting
All employees are trained and required to report any suspected security incidents or vulnerabilities immediately to the security team.
Business Continuity and Disaster Recovery
Strategies and procedures are in place to ensure that critical business operations can continue and data can be recovered in the event of a disaster or major incident.
5. EMPLOYEE TRAINING AND AWARENESS
Security Training
All employees receive regular security awareness training, covering topics such as data protection, threat identification, and safe online practices.
Phishing Awareness
Employees are trained to recognize and respond to phishing attempts and other social engineering attacks.
6. COMPLIANCE AND AUDITS
Regulatory Compliance
Our security practices are designed to comply with relevant laws and regulations, including GDPR and CCPA.
Audits
Regular internal and external security audits are conducted to assess compliance with this policy and identify improvement opportunities.
7. POLICY REVIEW AND UPDATE
This Security Policy will be reviewed and updated regularly or as necessary to reflect changes in technology, threats, laws, and organizational priorities. All employees will be informed of significant changes to the policy.
8. CONTACT INFORMATION
For any questions or concerns regarding this Security Policy, please contact: Security Team Contact Information.
At Eagle Environmental®, we're always eager to connect with our clients and communities. Whether you have questions about our services, need assistance with a project, or simply want to learn more about how we combine quality, value, and safety in our environmental solutions, our team is here to help.