Data Privacy & Security Summary

Arvo Tech has a strong commitment to information security that extends from the security team to senior levels of the organization. This is demonstrated by having implemented, the following, information security controls:

• All data stored in the United States using AWS (Amazon Web Services)
• All data encrypted at rest using AES-256 and in-transit using at least TLS 1.2
• All data backed up daily/weekly/monthly and Disaster Recovery Plan is tested/updated annually
• Production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method
• Arvo Tech requires authentication to production datastores to use authorized secure authentication mechanisms, such as unique SSH keys
• Arvo Tech prohibits confidential or sensitive customer data, by policy, from being used or stored in non-production systems/environments
• Infrastructure monitoring tools are utilized to monitor systems, infrastructure, and performance. Alerting mechanisms are in place to alert staff when specific predefined thresholds are met or exceeded.
• Arvo Tech utilizes log management tools to identify events that may have a potential impact on Arvo Tech's ability to achieve its security objective
• Arvo Tech ensures that user access to in-scope system components is based on job role and function or requires a documented access request form and manager approval prior to access being provisioned
• Arvo Tech has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service
• Currently working towards SOC II Type 2 (expected by mid 2023)