Embark

Embark Vol. 3

Issue link: https://mastery.commandalkon.com/i/1440159


Data Privacy & Security by Design

The ongoing passage of privacy regulations resulting from the evolving threat landscape has changed the way businesses think about data privacy and security. At Command Alkon we consider data security and privacy a top strategic priority and are committed to Data Security & Privacy by Design. At its core, this means we integrate data protection and privacy features throughout our system engineering business processes.

Command Alkon's Chief Information Security Officer (CISO), Robert Swartzwelder, is a cyber security leader with 15 years of progressive, business-focused technical leadership, including an extensive background in GRC, Cyber, Cloud, PCI DSS, and distributed applications. Robert is leading Command Alkon's security measures by adopting these seven key principles of Privacy by Design:

• Principle 1: Proactive not reactive—preventative not remedial. This means a privacy-first approach will organically foster preventative measures. Instead of reacting to risk or invasion, we seek to actively build processes and procedures to prevent incidents from occurring.

• Principle 2: Lead with privacy as the default setting. Ensuring personal data is protected by default within our technical solutions and business practices is the path to our success. We restrict data sharing, use data minimization, delete data once no longer necessary, and continually operate within legal boundaries.

• Principle 3: Embed privacy into design. Privacy resides within our design, architecture, and business. Measures are not bolt-on components or afterthoughts, but fully integrated components of our systems and design. Every decision and new process must be filtered through a privacy-first mindset to promote both functionality and privacy protection.

• Principle 4: Retain full functionality (positive-sum, not zero-sum). Privacy by Design seeks a "win-win" approach to system design goals and stakeholders. That means the privacy and security of our products are a path to success, not an inhibitor to innovation.

• Principle 5: Ensure end-to-end security. Data lifecycle security means customer data is securely retained as needed, then destroyed when no longer needed. Moreover, we rely heavily on security best practices and strong encryption to provide end-to-end data protection.

• Principle 6: Maintain visibility and transparency—keep it open. Transparency with our users about our privacy policies and procedures builds accountability and trust. We assure stakeholders that business practices and technologies are operating according to objectives and subject to independent verification.

• Principle 7: Respect user privacy—keep it user-centric. Our users' privacy interests are always top of mind. Our customers' privacy interests are supported by strong privacy defaults, appropriate notice, and user-friendly options.

Command Alkon's execution includes the appropriate protocols to remain in compliance with Privacy by Design principles as well as GDPR, and our corporate policy lays a governance framework necessary for accountability, including all employees attending security and privacy training. By employing security frameworks such as AWS CIS Benchmarks and AWS Best Practices, we ensure our cloud environments are appropriately secured. We conduct annual internal assessments to measure our compliance with NIST 800-171. Similarly, our legal team performs privacy audits to measure our GDPR compliance. As further validation, we employ independent third-party auditors and perform penetration tests of our security controls to ensure logical segmentation of customer data.

Command Alkon is constantly taking measures to ensure the security of your data by building data security into our software from the ground up.

Robert Swartzwelder joined Command Alkon as its first Chief Information Security Officer in 2020. He currently leads Command Alkon's cybersecurity strategy and manages the SysOps, DevOps, and SecOps teams.

For security-related matters, please email: CISO@commadalkon.com
For privacy-related matters, please email: privacy@commandalkon.com

Data Security: Read our CONNEX Security by Design document here
