Security

Your Data Is in Safe Hands With Us

At Livingroom, we take data security seriously and, therefore, have established comprehensive information security policies.

 

Continual Commitment to Data Protection and Information Security


Following industry standards, we have established a comprehensive information security program and implemented effective controls to protect the data of our customers, our own business as well as other stakeholders. We follow a regular cycle, setting objectives for information security, and take a continual improvement approach, constantly reviewing and improving our security controls.

Working to Implement the ISO 270001 Standards

In order to document and demonstrate our efforts with information security for our customers, we have committed to implementing the comprehensive ISO 27001 industry standard for information security. We have already implemented parts of the standards and will seek to be accredited within a reasonable period of time.

security5

Comprehensive Information Security Policies


Our data and information security are specified and documented in a number of detailed policies, covering a wide variety of information security-related areas. Our comprehensive set of policies are implemented in our systems and the employees of Livingroom Analytics have undergone awareness training, making sure that we carefully follow our own policies and have active controls in place.

Data Protection Areas Addressed
Encryption

We encrypt storage of data in the cloud as well as data transactions over the Internet.

- Encryption at rest – AES-256 encryption
- Encryption in motion – Symmetric encryption using TLS (Asymmetric techniques used to share session key)

Access Controls

We have established and implemented access controls in relation to the performance of the contract with our customers, in accordance with the risk assessment in force.

- Role-based access controls (RBAC) for Livingroom users and customers.
- User authentication mechanisms with strong passwords
- Access by the Livingroom team is maintained according to business needs and job role.
- Access controls at Livingroom Analytics follows the principles of least privilege, where the default approach is to assume that access is not required.
- Furthermore, Livingroom has, among others, implemented procedures for user registration and deregistration, minimization of common user accounts as well as access reviews

Logging and Monitoring

In carrying out the contract with our customers, we have activated log files that are kept and reviewed on a regular basis. Logging include registration of user activity, access to data, exceptions, errors and data security events.

Back-up

Livingroom performs regular backup of customer data as well as software in accordance with documented procedures.

- Back-ups are stored at a separate Microsoft data center at another location than the main location of customer data, while still in the EEA.
- Back-up samples are verified on a regular basis to confirm their integrity.
- Restoration from backup can be requested by the customer on a next day basis.

Physical Protection

At Livingroom, we make an effort to protect our physical areas in relation to the performance of customer contracts against access by non-authorised personnel.

- Microsoft Azure Data Centers are protected by access requests and approval, access points, security officers and two-factor authentication with biometrics.
- While our cloud has a strict physical protection, we also see the need of protecting Livingroom Analytics’ physical facilities. We have secured our own facilities according to risk assessment and implemented procedures for visitors, paper and equipment security as well as equipment lifecycle management.

Anti-Malware Control

We have taken steps to protect our IT equipment against malware. Among others, we have implemented procedures for anti-virus, spam filtering, software installation and scanning, vulnerability management and malware incident management.

Mobile Device Security

Care and security of mobile devices such as laptops, tablets and smartphones, have our attention, and, among others, we have implemented policies for securing mobile devices through technologies such as:

- Full disk encryption
- VPN
- Remote wipe
- Inactive lock
- Mobile device audits

Electronic Messaging Control

We acknowledge that e-mailing and text-messaging sometimes might be the weakest link in an otherwise comprehensive information security program. Thus, we have implemented controls and procedures protecting us against electronic messaging attacks.

HR Security Controls

As a professional organization and a responsible employer, Livingroom Analytics takes information security seriously and has defined a policy which describes the controls required with regard to human resources, covering entrance, employment and termination of employment.