IT Security Document
1. DATA HOSTING
PDA International utilises top-rated data centres located in the United States (Miami, Florida). These centres are selected based on their reputation, procedures, certifications and customer profile.
1.1 HOST SECURITY
The physical security of the host building is controlled by limited access points. Internally, the centre’s suites are controlled by access credentials and biometric readers.
The centre has security personnel on-call 24 hours a day, 365 days a year. Both the interior and exterior of the building have 24-hour surveillance by a closed-circuit TV system (CCTV). The system’s records are kept for a minimum of 90 days.
1.2 HOST CERTIFICATIONS
AICPA SOC 2 (Reporting by centre)
PCI-DSS (Data security standard)
FISMA NIST SP 800-53 (Data Security and Privacy Controls for Information Systems and Organizations)
ISO 9001:2008 (Administrative Quality System)
ISO 27001 (Information security management standard)
ISO 14001 (Environmental Management)
ISO 50001 (Energy Management)
2. OUR NETWORK
2.1 SECURITY AND MONITORING
PDA’s servers are protected by a physical firewall, keeping them in an isolated environment. The only data sent to them are those that meet PDA International’s security criteria.
We constantly monitor PDA International’s servers using Pingdom software, which tracks key performance indicators such as RAM, processor load, hard drive speed, and availability of the site and systems. In the event of an alert indicating that services are not working as expected, the PDA Support team will solve these issues as soon as possible in order to ensure the availability of the service.
Our servers have the latest security patches, and are regularly updated.
We also utilise the necessary anti-virus software, which is regularly updated, to protect against all types of malicious software (Trojans, worms, rootkits, adware, spyware, etc.).
PDA utilises the industry’s best practices to implement proper encryption for authentication and transmission of data within its network.
All information transmitted between the user and the PDA server is encrypted with a 128-bit SSL key.
2.4 THIRD PARTIES
PDA International partners and distributors within the European Community are compliant with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
3.1 AUDITING, ACCESS AND REVIEW
PDA shall provide the Service Administrator (Data Controller) with all the information required to verify compliance with the obligations stipulated in Article 28 of the GDPR. Every effort shall be made to collaborate with any audit or inspection that the Data Controller should require.
If necessary, our representatives must collaborate with the pertinent supervisory authority in the performance of all their duties.
PDA agrees to comply with user requests related to the use of their data in accordance with current legislation regarding protection thereof.
3.2 DATA RETENTION
PDA may retain user data and assessment results for evaluation purposes. PDA agrees to keep this information secure, and to not share it with anyone except the user subscribed to the service, unless otherwise required by Law in accordance with Art. 23 of GDPR 2016/679.