DATA PROTECTION POLICY
At Sheltair, we are committed to safeguarding the confidentiality, integrity, and availability of our data, as well as ensuring compliance with applicable data protection laws and regulations. This Data Protection Policy outlines our approach to data protection and the processes in place to maintain data security.
Sheltair acknowledges the importance of data protection and commits to:
1. Protecting sensitive data from unauthorized access, disclosure, alteration, and destruction.
2. Complying with all relevant data protection laws and regulations.
3. Regularly reviewing and updating our data protection practices.
4. Conducting risk assessments to identify and mitigate potential threats.
5. Providing ongoing training and awareness programs for employees.
Data Protection Processes
Monthly Compliance Workflow
1. Security Tools and Services: Sheltair utilizes advanced security tools and cloud services to protect our endpoints, email, and backend servers. These include endpoint security, email threat protection, and server security solutions.
2. Monthly Reports: Monthly security reports, including Huntress reports, AV reports, and email security reports, are generated.
3. Internal IT Review: The Sheltair internal IT department reviews these reports at the end of each month.
4. Gap Analysis: The internal IT team identifies and evaluates any gaps or security issues that have occurred over the month, including blocked security threats, inbound/outbound email analysis, top targeted users, and blocked threats by category.
5. Configuration Checks: Security systems perform daily configuration checks to address any errors or warnings found in the reports.
6. Email Threat Protection: MX records recommended by the email threat protection solution are used to ensure reliable email delivery and filtering quality.
Weekly Summary for Endpoint Detection and Response
1. Endpoint Detection and Response (EDR): Sheltair utilizes Azure-based endpoint detection and response services.
2. Weekly Summary: A weekly summary is submitted and reviewed for security incidents and events within the Sheltair aviation services organization.
3. Mail Server Allowlisting: Domain allowlisting is performed to ensure deliverability and compatibility with the phishing simulator.
1. ITSM Ticketing System: All processes, incidents, and reports are documented in the Sheltair IT Service Management (ITSM) ticketing system.
2. Incident Handling: Tickets are created when reporting errors or security incidents occur, allowing for thorough event logging and review of events involving workstations or user emails.
Sheltair is dedicated to maintaining robust data protection practices, including regular monitoring, review, and continuous improvement. All employees are expected to adhere to this Data Protection Policy, and any violations will be addressed in accordance with our internal procedures and applicable laws.
This Data Protection Policy is subject to regular review and updates as necessary to ensure its effectiveness in an ever-evolving security landscape.