decorative background art

Is Your Direct Mail Vendor Handling Your Data Correctly? Controls

Streamowrks Blog

Is Your Direct Mail Vendor Handling Your Data Correctly? Security Controls

 

In the first article of this series, we defined encryption, introduced encryption types and algorithms, and described how Steamworks uses encryption to protect your data.

 

While encryption is foundational to the proper handling and protection of sensitive data, it's essential to use it in combination with additional safeguards (or "controls").

 

To wrap up this two-part series, let's talk about these other security controls that the information security world divides into administrative, physical, and technical areas. We'll also look at how Streamworks addresses each of these categories to protect your data.

Administrative Controls

An easy way to remember administrative controls is to think of documentation. Having complete, detailed, and approved security policies, procedures, and standards is the bedrock of a maturing information security program. 

 

Information security governance also falls into this category. Governance is the guiding framework, process, and vision to ensure security strategies match business goals and objectives.

 

Administrative controls must also include security awareness training. It's the best way for a company's workforce to adopt the approved policies, procedures, and standards as an established way of doing business. All Streamworks employees partake in regular security training to ensure the confidentiality and integrity of your data are always maintained.

 

Streamworks employs a variety of administrative controls to protect your data. For example, we have a comprehensive Information Security Policy Manual that our executive team reviews and approves annually. That's governance in action.

 

Our Data Classification & Usage Policy defines the various data types we work with. Therefore, we always know how to handle data correctly. For example, all client data is classified as confidential by default, so we'll always use our strongest administrative, physical, and technical controls when handling client data.

 

We have a Data Retention Policy and data deletion checklists in conjunction with our Data Classification policy. They ensure confidential information is securely disposed of (including secure shredding of printed materials) at the end of the retention period.

Physical Controls

Physical controls might be the easiest to grasp because we're so familiar with them in daily life. You lock your house, car, and maybe even your office at work or your locker at the gym. You use alarm systems and surveillance cameras to protect and monitor your property, your family, and your information.

 

At Streamworks, we use a wide variety of physical controls to safeguard your data. We have security cameras and card access control throughout our facilities, protecting our data center and securing our servers. On top of that, a third-party security monitoring service monitors our alarm systems.

Technical Controls

Technical controls balance out the administrative and physical controls. This category consists of software, servers, network devices, monitoring, and other technology.

 

Streamworks implements technical controls through a "layered" security approach to properly handle and protect your sensitive data. For example, firewalls defend the perimeter of our network against threats from the Internet. We use antivirus on servers and workstations and have deployed network/host-based intrusion detection.

 

We use several techniques to monitor operational activities that help immediately respond to alerts and incidents. We monitor network activity, server hardware, operating systems, and more.

 

In addition, our IT and security teams proactively review various online information sources for the latest trends, threats, vulnerabilities, and system patches. 

Conclusion

You now have a good overview of how Streamworks uses several administrative, physical, and technical controls to provide you with our Secure Mail services (grab our Secure Mail PDF here).

 

There's a lot more we can talk about regarding our approach to data security, but we can save that for future posts, so stay tuned!

 

The bottom line is that all of our administrative, physical, and technical controls add up to one thing: Streamworks handles your data correctly—and securely.

 

Wondering if your marketing meets today's demanding data security standards? Sign up for a FREE 1-hour assessment with one of our secure mail experts to see if Streamworks is the right partner for you.