Security Policy for Rppl Limited

Effective Date: 20 February 2025

Purpose

We ensure the secure and efficient operation of our information processing systems and facilities by following industry best practices and maintaining rigorous controls.

Scope

This policy applies to all RPPL LIMITED systems that are critical to business operations or handle sensitive company data. It extends to all employees, contractors, and third parties accessing our network and resources.

Documented Operating Procedures

We document both technical and administrative procedures as required, ensuring they are readily accessible to authorized personnel to maintain operational consistency and security.

Change Management

We follow a robust change management process to maintain the security and stability of our systems:

  1. Documentation: We record all significant system changes, including purpose, specifications, and potential impacts, using standardized formats.
  2. Testing: Changes are thoroughly tested in isolated staging environments to ensure minimal disruption.
  3. Authorization: Formal approvals are obtained before deploying changes. Emergency changes are reviewed retrospectively to ensure compliance.
  4. Communication: We proactively inform relevant stakeholders about planned changes, schedules, and impacts.

Capacity Management

We monitor and adjust system resources proactively to ensure availability and performance meet business requirements. Human resource capacity is reviewed annually as part of risk assessments.

Data Leakage Prevention

We classify and protect sensitive data according to the Data Management Policy. Employees receive regular training, and we implement technical measures, such as Data Loss Prevention (DLP) tools, to mitigate risks.

Data Encryption

We ensure the confidentiality and integrity of data through robust encryption protocols:

  • Data at Rest: All data stored within our systems is encrypted using AES-256, adhering to industry standards for strong encryption.
  • Data in Transit: Data transmitted across networks is encrypted using TLS (Transport Layer Security) to protect against interception and unauthorized access.

Separation of Environments

We maintain strict segregation between development, staging, and production environments to protect operational integrity and confidentiality. Customer data is sanitized before use in non-production environments.

System and Network Hardening

We configure systems and networks in line with industry standards, employing firewalls and access controls. Regular reviews of configuration rules ensure adherence to security policies.

Protection from Malware

Our systems are protected by anti-malware solutions. Any security incidents are managed promptly through our Incident Response Plan.

Information Backup

We back up critical systems and data regularly. Annual restore tests validate our backup and recovery processes to ensure data integrity and availability. We retain backups for 100 days.

Logging and Monitoring

We produce detailed logs for all critical activities, including access and configuration changes. Logs are stored securely and reviewed to detect potential threats and ensure compliance with security policies.

Clock Synchronization

We synchronize system clocks across our infrastructure using trusted network time servers to ensure consistent timestamps for all logged events.

Contact Us

If you have any questions or concerns about this Security Policy or our data practices, please contact us at:


RPPL LIMITED
441a Princes St, Dunedin, 9016, New Zealand
support@rppl.app