Security Statement

LAST UPDATED: June10, 2020

This Security Statement applies to the products, services, websites and apps offered by Community Marketing Partnership and their affiliates (collectively “Community Marketing Partnership”), which are branded as “Community Marketing Partnership” except where otherwise noted. We refer to those products, services, websites and apps collectively as the “services” in this Statement.

We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy also further details the ways we handle your data.

Physical Security

Community Marketing Partnership’s information systems and technical infrastructure are hosted at our corporate facility. Physical security controls include 24×7 monitoring, cameras, entry requirements, and dedicated secure areas for Community Marketing Partnership hardware.

Access Control

Access to Community Marketing Partnership’s technology resources is only permitted through secure connectivity. Our production password policy requires complexity, expiration, and lockout and disallows reuse. Community Marketing Partnership grants access on a need to know on the basis of least privilege rules, reviews permissions regularly, and revokes access immediately after employee termination.

Security Policies

Community Marketing Partnership maintains and regularly reviews and updates its information security policies. Employees must acknowledge policies and undergo additional training such as HIPAA training, Secure Coding, PCI, and job specific security and skills development and/or privacy law training for key job functions. The training schedule is designed to adhere to all specifications and regulations applicable to Community Marketing Partnership.

Personnel

Community Marketing Partnership communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.

Encryption

We encrypt your data in transit using secure TLS cryptographic protocols.

Development

Our development team employs secure coding techniques and best practices. Development, testing, and production environments are separated. All changes are reviewed for performance, audit, and forensic purposes prior to deployment into the production environment.

Asset Management

Community Marketing Partnership maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with encryption and up-to-date antivirus software. Only company-issued devices are permitted to access corporate and production networks.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Community Marketing Partnership learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us.

Information Security Aspects of Business Continuity Management

Community Marketing Partnership’s databases are backed up on a rotating basis of full and incremental backups and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability.