Strategic Marketing FTC Safeguard Frequently Asked Questions 

 

Does Strategic Marketing Designate a Qualified Individual to Oversee, Implement, and Enforce Your Information Security Program?

Strategic Marketing has a cross-department Security Team led by the Director of Data and Systems Security. The Security Team meets regularly to conduct risk assessments and access controls. 

 

Does Strategic Marketing Conduct Risk Assessments on Information Security and Existing Safeguards?

Strategic Marketing’s Security Team conducts an annual Risk Assessment and approval of Security Policies and Procedures. The last approval was in November 2023.

 

Does Strategic Marketing Implement Mandatory Safeguards to Control Risks?

Strategic Marketing’s Security Team has implemented the following safeguards to protect both internal and customer data.

  • Access Controls: The Security Team maintains an access control policy that is established, documented, and reviewed based on business and security requirements for access.
  • Systems Inventory: Strategic Marketing maintains an inventory of Physical and Digital Assets via Pulseway MDM, which is reviewed annually by the Security Team and regularly by the IT Infrastructure team.
  • Encryption: Encryption is used throughout the Strategic Marketing system. Data in transmission is always transmitted using the current industry standard of SSL and Secure FTP. Data at rest is stored on encrypted storage arrays.
  • Secure Development Practices: Detection, prevention, and recovery controls to protect against malicious code and appropriate user awareness procedures are implemented. All developers review their code against the OWASP Top 10 Web Application Security Risks to limit the opportunities for information leakage.
  • Multi-Factor Authentication (MFA): Strategic Marketing uses Multi-Factor Authentication to access networks where confidential and sensitive data is stored and manipulated.
  • Disposal Procedures: Strategic Marketing policy is to securely dispose of customer information as long as it is necessary to complete contracted campaigns, run analysis and be prepared for future campaigns.
  • Change Management Procedures: Strategic Marketing’s Change Management plan sets expectations on how the approach to changes is managed, what defines a change, the purpose and role of the change core teams, and the overall change management process.
  • Monitoring and Logging of Authorized User Activity: Strategic Marketing logs and monitors access to systems with confidential and sensitive data.

 

Does Strategic Marketing Regularly Test or Audit the Effectiveness of Your Safeguards’ Key Controls, Systems, and Procedures?

Strategic Marketing regularly tests the system using daily emerging threat scans, quarterly vulnerability scanning, monthly patch management scanning, and annual penetration testing. Strategic Marketing’s SOC 2 Type 2 certification was completed in October 2023.

 

Does Strategic Marketing Implement Policies and Procedures for Personnel to Implement Your Information Security Program?

Prior to employment, background verification checks on all candidates for employment and contractors shall be carried out in accordance with relevant laws and regulations. These checks will be proportional to the business requirements, the classification of information accessed, and the perceived risk.

This background verification check will be stored securely in the employee’s file for verification during audits and security reviews.

As part of their employment agreement, employees and contractors shall agree to and sign the terms and conditions of their employment through the Employment Information Security Handbook. This handbook shall state the employee’s responsibilities for information security.

 

Does Strategic Marketing Oversee Service Providers?

Strategic Marketing requires all third-party providers and data processors to sign both a non-disclosure agreement and a Confidentiality Agreement and to have compliant security programs. The Confidentiality Agreements are based on the classification of data being secured and the owner of the data.

 

Does Strategic Marketing have an Incident Response Plan?

An incident management policy is established, documented, and reviewed based on business and security requirements. The policy should require reporting of weaknesses and events, reporting of security events, reporting of security weaknesses, management of security incidents, responsibilities and procedures, learning from information incidents, and collection of evidence.

 

Does Strategic Marketing Prepare an Annual Report to the Board or Equivalent?

Strategic Marketing’s security program is executive-sponsored by the Chief Operating Officer and is an agenda item during quarterly management planning meetings with the Executive Team.