Encryption Uses. Customer Data must be protected, and should be encrypted, while in transit and at rest. Confidential Information must be protected, and should be encrypted when stored and while in transit over any network; authentication credentials must be encrypted at all times, in transit or in storage.
Encryption Uses. Company Data transmission over the public internet always utilizes encrypted channel. Encryption details are documented if transmission is automated. Approved and dedicated staff is responsible for encrypting/decrypting the data, if manual. Company Data must also be encrypted while in transit over any network. VPN transmissions are performed over an encrypted channel. On-Premises: Controller provides support case data in an encrypted manner to processor. Case resolution is done in a secured environment. 60 days after case is closed, support case data is deleted. (1c) Measures of ensuring the ongoing confidentiality of personal data: All access to the data centers where Company data is stored, is restricted to ASCI’s IT Operations Team according to ASCI Information Access Control Policies (ASCI follows the principle of least privilege and only grants access based on role and business use case). Access rights are reviewed regularly or upon change of role/termination of an employee. Access to the environment where Company data is stored is strictly controlled and monitored. Company is responsible for managing access to their subscription data and are responsible for the lifecycle of those accounts. Company Subscription Administrators are responsible for user administration and related password policies within the application. The Company is responsible for the lifecycle of this account. On-Premises: Work is done in secure environment; data transfer is secured. Deletion of data after closing of sup- port case.
