Security Policy

Our comprehensive approach to protecting your data, systems, and business operations.

Last updated: December 16, 2024

Security Commitment

At Phi Azar, security is not just a priority—it's fundamental to everything we do. We are committed to protecting the confidentiality, integrity, and availability of your data and systems through industry-leading security practices and continuous improvement.

Infrastructure Security

Cloud Security

  • Multi-cloud architecture with AWS, GCP, and Azure
  • Encrypted data storage and transmission
  • Regular security assessments and penetration testing
  • Automated security monitoring and alerting

Network Security

  • Firewall protection and intrusion detection
  • DDoS protection and mitigation
  • VPN access for remote team members
  • Network segmentation and micro-segmentation

Endpoint Security

  • Device encryption and secure boot
  • Endpoint detection and response (EDR)
  • Regular security updates and patch management
  • Mobile device management (MDM)

Data Protection

Encryption

  • Data at Rest: AES-256 encryption for all stored data
  • Data in Transit: TLS 1.3 for all communications
  • Key Management: Hardware Security Modules (HSM) for key storage
  • Database Encryption: Transparent Data Encryption (TDE) for databases

Access Controls

  • Multi-factor authentication (MFA) for all accounts
  • Role-based access control (RBAC) with least privilege principle
  • Regular access reviews and deprovisioning
  • Privileged access management (PAM) for administrative accounts

Data Classification

  • Public, Internal, Confidential, and Restricted data categories
  • Automated data discovery and classification
  • Data loss prevention (DLP) controls
  • Regular data inventory and mapping

Personnel Security

Background Checks

All team members undergo comprehensive background checks including criminal history, employment verification, and reference checks.

Security Training

Regular security awareness training covering phishing, social engineering, data handling, and incident response procedures.

Confidentiality Agreements

All team members sign comprehensive confidentiality and non-disclosure agreements before accessing client data or systems.

Monitoring and Detection

Security Information and Event Management (SIEM)

24/7 monitoring of security events across all systems with automated threat detection and response.

Vulnerability Management

Regular vulnerability scans, penetration testing, and security assessments to identify and remediate potential weaknesses.

Threat Intelligence

Continuous monitoring of threat landscapes and integration of threat intelligence feeds to stay ahead of emerging threats.

Incident Response

Response Plan

We maintain a comprehensive incident response plan that includes immediate containment, investigation, eradication, and recovery procedures.

Response Timeline

  • 0-1 hour: Initial detection and assessment
  • 1-4 hours: Containment and initial response
  • 4-24 hours: Investigation and eradication
  • 24-72 hours: Recovery and lessons learned

Compliance and Certifications

SOC 2 Type II

Security, availability, and confidentiality controls

ISO 27001

Information security management system

GDPR Compliance

European data protection regulations

CCPA Compliance

California Consumer Privacy Act

Third-Party Security

We carefully vet all third-party vendors and service providers to ensure they meet our security standards:

  • Security questionnaires and assessments
  • Contractual security requirements
  • Regular security reviews and audits
  • Incident notification requirements
  • Data processing agreements (DPAs)

Business Continuity

Disaster Recovery

Comprehensive disaster recovery plan with regular testing, multiple backup locations, and rapid recovery procedures to minimize downtime.

Backup and Recovery

Automated, encrypted backups with point-in-time recovery capabilities and regular restoration testing.

Security Reporting

We maintain transparency about our security practices and provide regular updates to clients:

  • Monthly security status reports
  • Quarterly security assessments
  • Annual security audits and certifications
  • Incident notification procedures
  • Security improvement recommendations

Contact Security Team

For security-related questions, concerns, or to report a security incident, please contact our security team:

Security Email: security@phiazar.com
Incident Hotline: +98 (902) 525-1066
Address: Phi Azar, Tehran, Iran

Security Notice

This security policy is reviewed and updated regularly to reflect evolving threats and best practices. We reserve the right to modify our security measures as necessary to maintain the highest level of protection for our clients and their data.