- Product Security
- Data Security
- Data Encrypted At-Rest
- Data Encrypted In-Transit
- Incident Management & Response
- Data Breach Notification
- Incident Response Plan (IRP)
Our Incident Response Plan reflects that security incidents must be managed efficiently and in a timely manner so that the impact of an incident is contained and the consequences for our business and our customers are limited.
Our Incident Response Plan sets out the Allison plan for reporting and dealing with security incidents, including:
• Security incident recognition
• Roles and Responsibilities
• Incident response steps
- Availability & Reliability
- Auto Scaling
- Data Redundancy
- Organizational Security
- Employee Workstations Automatically Locked
To prevent unauthorized access, devices must be password protected using the features of the device, and a strong password is required to access the company network. Allison has a formal Password policy.
Every device must lock itself with a password or PIN if it is idle for five minutes. Rooted (Android) or jailbroken (iOS) devices are strictly forbidden from accessing the network.
Employees’ access to company data is limited based on user profiles defined by IT and automatically enforced.
- Limited Employee Access (Principle of Least Privilege)
Allison uses CyberArk to manage the principle of least privilege: https://www.cyberark.com/what-is/least-privilege/
- Business Continuity
- Business Continuity Plan
This document establishes procedures and processes to maintain operational continuity for businesses based on two types of disruptions that could occur individually or in any combination:
• Loss of services due to a reduction in workforce (e.g., during pandemic influenza);
• Loss of services due to equipment or systems failure (e.g., information technology (IT) systems failure, electrical grid failure).
The objective of the Allison Business Continuity Plan is to facilitate the resumption of critical operations, functions, and technology in a timely and organized manner to ensure a viable and stable organization. In doing this, it is critical to ensure the safety and well-being of employees and customers.
The primary objectives of the plan are to:
• Maintain Critical Business Functions
• Most critical departments/business functions
• Protect vital data
• Ensure that they are accessible under all conditions
- Disaster Recovery Plan
- SOC 2 Type II - Data Center