1. Objective
To ensure the security and integrity of DiversiTEA Matters' website and protect sensitive information from unauthorized access, breaches, and other cyber threats.
2. Scope
This policy applies to all employees, contractors, and third-party users who access the DiversiTEA Matters website and associated systems.
3. Security Measures and Practices
3.1 GoDaddy's Security Features
- SSL Certificates: All sensitive data transmitted between the server and the client is encrypted in transit (HTTPS/TLS) using SSL certificates provided by GoDaddy.
- Firewall Protection: GoDaddy's hosting includes firewall protection to block malicious traffic and safeguard against unauthorized access.
- DDoS Protection: GoDaddy offers Distributed Denial of Service (DDoS) protection to prevent attacks that could disrupt website availability.
- Daily Backups: Automated daily backups ensure that data can be restored in the event of a security incident or data loss.
- Malware Scanning and Removal: Regular scans are conducted to detect and remove malware from the website.
3.2 Internal Security Practices
- User Access Management: Access to the website’s administrative functions is restricted to authorized personnel only. Unique user IDs and strong passwords are required.
- Two-Factor Authentication (2FA): All administrative accounts must enable 2FA to add an extra layer of security.
- Regular Software Updates: Ensure that all website software, plugins, and applications are regularly updated to the latest versions to protect against vulnerabilities.
- Data Encryption: Sensitive customer data, such as payment information and personal details, must be encrypted both in transit and at rest.
- Incident Response Plan: A defined incident response plan must be in place to quickly address and mitigate any security breaches or cyber incidents.
- Employee Training: Hold regular cybersecurity training sessions so that employees stay informed about the latest security threats and best practices.
- Secure Payment Processing: Use trusted and secure payment gateways for processing transactions to protect financial data.
4. Compliance
- PCI DSS Compliance: Adhere to the Payment Card Industry Data Security Standard (PCI DSS) to ensure secure handling of credit card information.
- GDPR Compliance: Ensure compliance with the General Data Protection Regulation (GDPR) for handling data of customers from the European Union.
5. Monitoring and Auditing
- Regular Security Audits: Conduct periodic security audits to identify and address potential vulnerabilities.
- Continuous Monitoring: Implement continuous monitoring tools to detect and respond to suspicious activity in real time.
6. Data Protection and Privacy
- Privacy Policy: Maintain a clear and comprehensive privacy policy that outlines how customer data is collected, used, and protected.
- Data Minimization: Only collect data that is necessary for business operations and customer service.
- Secure Data Disposal: Ensure that obsolete or unnecessary data is securely disposed of to prevent unauthorized access.
7. Vendor Management
- Third-Party Vendors: Ensure that all third-party vendors adhere to security standards and practices that align with this policy.
- Contractual Obligations: Include security requirements in contracts with third-party vendors to ensure they are responsible for protecting shared data.
8. Review and Updates
- Policy Review: This cybersecurity policy will be reviewed annually, or as needed, to ensure it remains effective and up to date with evolving cyber threats.
- Policy Updates: Any updates to this policy will be communicated to all relevant parties promptly.
9. Contact Information
If you have any questions or concerns about this policy, please contact us at:
DiversiTEA Matters
Email: Contact@diversiTEAmatters.com
Phone: (609) 269-4427
Address: P. O. Box 4074
Trenton, NJ 08610