1        Introduction

1.1        This policy (the "Klaxon Security Policy") governs the technical controls and organisational controls that Klaxon has implemented to protect Customer Data.

1.2        References in this Policy to "you" are to any customer of Klaxon and any individual user of Klaxon (and "your" should be construed accordingly); and references in this Policy to "us" are to identify provider (and "we" and "our" should be construed accordingly).

2        Technical Controls

2.1        Encryption of data at rest within the Klaxon web application, using database encryption.

2.2        Encryption of data in transit between the Klaxon web application and Customer endpoints, using SSL encryption.

2.3        Encryption of email alerts sent to the Customer, using TLS encryption, if the Customer supports this. We support up to TLS 1.3.

2.4        All outbound email sent from Klaxon will be signed using DKIM.

2.5        Encryption of Microsoft Skype for Business/Microsoft Teams between the Klaxon web application and the Customer endpoints, using SSL encryption.

2.6        Weekly external vulnerability scans of the Klaxon web application and internal vulnerability scans of the database platform.

2.7        SAML/OAuth-based authentication, if the Customer supports this.

2.8        Advanced Threat Protection (ATP) for the database platform.

2.9        DNSSEC is enabled for the klaxon.io domain and all subdomains.

3        Organisational Measures

3.1        Klaxon will maintain ‘Cyber Essentials Plus’ certification.

3.2        Annual GDPR / Information Security training.