
Data Security Questions

How does Site Stacker protect against a security breach?



  • Access Controls: Administrator access is restricted to authorized users for applications, databases, networks, VPNs, and operating systems.

  • Encryption: Sensitive data is encrypted both in transit and at rest using industry-standard algorithms.

  • Firewall Rules: Configured to prevent unauthorized access.

  • Intrusion Detection: Tools monitor and log network breaches and anomalies, with alerts raised and appropriate action taken.

  • Vulnerability Scans: Performed quarterly to identify and remediate security risks.

How would your company handle a security breach if it took place?

  • Incident Response Plan: A documented plan guides employees in identifying, reporting, and acting on breaches. This includes a breach response plan to address data breaches effectively.

  • User Access Review: Annual reviews of user access ensure inactive users are removed, documented by management.

  • Intrusion Detection: Continuous monitoring and logging of potential or actual network breaches ensure timely alerts and responses.



What systems do you have in place to defend against malicious threat actors?



  • Firewalls: Configured to prevent unauthorized access.

  • Intrusion Detection Systems: Monitor and log network breaches and anomalies.

  • Antivirus: Installed on all servers to protect against viruses and malicious software.

  • Automatic Patching: Servers are configured to automatically install critical security patches.


How do you make sure your staff are trustworthy?



  • Background Checks: Required prior to hiring.

  • Security Training: Provided to employees and contractors upon hire and annually, including information on reporting security incidents.

  • Acceptable Use Policy: All staff sign a policy outlining rules for the acceptable use of information and compliance with legislative and contractual requirements.


What systems are in place to detect and fix vulnerabilities?



  • Vulnerability Scans: Performed quarterly, with results assessed and remediated as required.

  • Automatic Patching: Ensures that servers are updated with critical security patches.

  • Configuration Standards: Baseline security configurations are maintained and deployed to all systems, reviewed annually.


Do you have any third-party oversight regarding your security?



  • Vendor Controls: Relationships with suppliers, service providers, contractors, consultants, and cloud providers are managed through rigorous vetting and regular audits, ensuring they meet security requirements.

  • Non-Disclosure Agreements: Employees and contractors sign these agreements upon hire to ensure information security responsibilities are clear.


What policies are in place to make sure customer data is safe?



  • Data Classification Policy: Establishes a defined scheme for labeling and handling data, reviewed annually.

  • Data Retention/Deletion Procedures: Remove data based on retention schedules, contract requirements, and deletion rules, ensuring data disposal is tracked and compliant.

  • Information Security Policy: Maintained, reviewed, and updated annually to govern the overall security framework.


What does your company do to assure system availability to customers?



  • Business Continuity Plan: Developed to identify processes, roles, and milestones for maintaining business continuity and restoring system functionality during major disruptions. This plan includes disaster recovery procedures and is reviewed and tested annually.

  • Change Management: Policies and procedures ensure infrastructure and application changes are tested, reviewed, and approved before implementation, minimizing disruptions and maintaining system availability.

  • Redundancy and Failover Systems: Implemented to ensure high availability and reliability of systems, reducing downtime for customers.

Updated on: 14/04/2026
