Last Updated 26 January 2021

Technical and Organisational Security Measures

Document Purpose

This document describes the technical and organisational measures implemented by Arts Alliance Media (AAM) to ensure the protection of personal data that AAM processes. This document acts as a high-level overview of AAM's technical and organisation security measures. Specific details on the measures implemented by AAM are available upon request. AAM reserves the right to revise these measures at any time, without notice, so long as such revisions do not materially reduce the protection of personal data.

Organisational security measures

• Organisation management and the appointment of dedicated staff who are responsible for the development, implementation and maintenance of AAM's information security.
• Audit and risk assessment procedures are in place for the purpose of periodic review and assessment of risks to AAM.
• Information security policies are maintained by AAM and are periodically reviewed.
• Operational procedures and controls are in place for the configuration, monitoring, and maintenance of AAM technologies and systems.
• All AAM users are identified with a unique ID. Access reviews are conducted periodically, and access is changed or revoked as required.
• All disposed media is destroyed using certified methods including the obtaining of certification pertaining to the final destruction.
• Change management procedures to approve and monitor changes to AAM technology assets.
• Incident and problem management procedure designed to allow AAM to investigate, respond, and mitigate events related to AAM technology and information assets.
• Physical access to data centre and server facilities is restricted to authorized personnel only. Access is reviewed regularly and revoked when applicable. All facilities are monitored for access and have environmental protection according to industry standards/best practices.
• Business Continuity/Disaster Recovery plans designed to maintain service and recover from emergencies or disasters.

Technical security measures

• AAM applications use strong cryptographic protocols to protect traffic in transit.
• AAM employ security technologies to mitigate Denial of Service/Distributed Denial of Service attacks, and to ensure intrusion detection/prevention.
• AAM perimeter networks are protected with stateful packet inspection firewalls. AAM uses the best practice of accept by exception only. All access is locked to mitigate the scope of any attempted attack.
• Access to AAM systems is controlled using role-based access systems. AAM employs the industry best practice of least privilege basis.
• Password policy mandates the use of strong password strength for all systems.
• Security and event management systems are used within AAM as best practice to monitor and record user access and security events.
• Patch management systems are used to identify and remediate identified security threats.
• AAM employs best practice systems and procedures to restrict network access to authorized users' computers. Networks are segregated to minimise the scope of any security breach.

If you require any further information, please contact dataprotection@artsalliancemedia.com.