Work Wizard Security and Compliance
Organizational Security
At Work Wizard we prioritize the security of our platform and customer data. A dedicated team directly oversees and manages all aspects of our security objectives, risk assessments, and mitigation strategies. We are committed to maintaining high standards of security, availability, processing integrity, and confidentiality for our customer data.
We understand the importance of trust and security in our service and commit to upholding these principles in every aspect of our work.
Security Awareness and Privacy
Our commitment to security is not just organizational but also personal. Every one of us has signed a confidentiality agreement and adheres to a strict acceptable use policy. We regularly update our knowledge on information security, privacy, and compliance to ensure we are at the forefront of protecting our platform and our customers.
Security Infrastructure
Our platform is hosted on AWS. Under the AWS shared responsibility model, AWS secures the underlying cloud infrastructure, and we are responsible for securing what we build and run on it. We have built our system to use AWS's built-in security features to protect against threats and ensure data integrity.
Security and Privacy by Design
We don't just add security; we build it from the ground up. Our design and development processes incorporate security and privacy principles to ensure that these are integral components of our product.
Internal Controls
We handle internal reviews and audits amongst our team members, following industry best practices and standards. We proactively assess our policies and continuously strive to enhance our security measures.
Endpoint Security
We employ strict standards for any device that accesses our system. All devices are configured to adhere to stringent security configurations, including encryption, strong passwords, and automatic locking mechanisms.
Transparency and Trust
We believe in being transparent with our users about our security practices. As we grow, we will continue to update our community on our evolving security measures and practices.
Infrastructure Security
Network Security
At Work Wizard our approach to network security is designed to provide multiple layers of protection and defense. We employ best practices such as firewalls to prevent unauthorized access and block undesirable traffic. Our systems are logically segmented to protect the integrity and confidentiality of sensitive data.
We maintain rigorous firewall monitoring, with the founding team regularly reviewing access logs and configurations. As we grow, we will establish a schedule for reviewing and updating firewall rules. Our infrastructure on AWS allows us to continuously monitor for discrepancies or suspicious activities, with automated notifications for any abnormal behavior detected in our production environment.
Network Redundancy
Our platform's components are designed with redundancy in mind. We leverage AWS's distributed infrastructure to safeguard our system against individual server failures, so that our services remain accessible to users if a single server goes down.
DDoS Prevention
We utilize AWS's DDoS mitigation services, which are designed to filter out malicious traffic while allowing legitimate requests through, keeping our platform highly available and performant.
Server Hardening
Our servers, including those used for development and testing, are hardened according to industry best practices, which include disabling unused ports and services, removing default passwords, and ensuring that the operating system images are secure by default.
Intrusion Detection and Prevention
We employ both host-based and network-based intrusion detection mechanisms to monitor for signs of unauthorized or malicious activity. Our team ensures that all administrative access and privileged commands are logged, with rules and analytics in place to alert us to potential security incidents.
Data Security
Secure by Design
We adhere to a rigorous change management policy, ensuring all updates and new features undergo a thorough security review before deployment. Our development processes align with secure coding guidelines and are complemented by code analysis tools and manual reviews to identify and remediate potential security vulnerabilities.
Data Isolation
Customer data is managed to ensure logical separation from other customers' data within our AWS-hosted environment, maintaining strict data privacy and integrity.
Encryption
Data in transit to our servers is protected using TLS, and sensitive data at rest is encrypted using AES-256. We manage encryption keys using AWS Key Management Service (KMS), providing an additional layer of security.
Data Retention and Disposal
We retain customer data for as long as you engage with our services. Upon termination of your account, data will be purged from active databases and backups in line with our data retention policy. We also reserve the right to terminate inactive accounts after a specified period, with prior notice and an opportunity for you to back up your data.
Identity and Access Control
Enhanced Security with Multi-Factor Authentication
With Work Wizard One-Auth, we strengthen your account's defenses by requiring a second form of verification beyond your password. This approach, supporting biometric recognition, push notifications, QR codes, and time-based OTPs, significantly reduces the risk of unauthorized access.
For heightened security needs, we offer YubiKey hardware security key integration for robust, phishing-resistant multi-factor authentication.
Regulated Administrative Access
Our commitment to data protection is demonstrated through stringent access controls and internal policies that limit employee access to user data. Adhering to least privilege and role-based access principles, we minimize exposure risks. Access to sensitive environments requires multiple authentication methods, including strong passwords, two-factor authentication, and SSH keys, all within a tightly secured and audited network.
Operational Security
Observation and Vigilance
Our operational security framework includes comprehensive monitoring of service operations, network traffic, and device utilization. Through diligent log collection and analysis — event, audit, fault, and administrative — we proactively detect anomalies and safeguard against unauthorized activities. These logs are securely stored, with access meticulously controlled to guarantee availability and integrity.
Customers have access to detailed audit logs for all update and delete actions within Work Wizard services.
Proactive Vulnerability Management
We employ a thorough vulnerability management protocol, utilizing third-party and proprietary scanning tools complemented by manual and automated penetration testing. Our security team remains vigilant, monitoring various security channels to address potential threats preemptively.
Identified vulnerabilities are systematically logged, prioritized, and managed until resolution, ensuring our systems are fortified against identified risks.
Robust Malware and Spam Defense
Work Wizard actively scans all files with an anti-malware system that is regularly updated with the latest threat intelligence. We maintain a robust stance against malware and publish an enforcing DMARC policy for our domains so that mail spoofing Work Wizard is rejected or quarantined by receiving mail servers, supplemented by our proprietary detection system against phishing and other abuses, with a dedicated team overseeing these protections.
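"Enforcing DMARC" means more than publishing a record: a policy of p=none only requests reports, and pct below 100 or sp=none leaves a share of spoofed mail (or whole subdomains) unfiltered. The following added example, which is not Work Wizard's own code, checks a DMARC TXT record for those weaknesses. The sample records and the domain example.com are constructed for illustration.

```python
# Added example (not Work Wizard's code): decide whether a DMARC TXT record
# actually enforces a policy. "Enforcing" here means failing mail is rejected
# or quarantined for 100% of messages; p=none only asks for reports.
# Sample records below are constructed; example.com is a placeholder domain.

from typing import Dict, List, Tuple

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=...' into a {tag: value} dict.

    Per RFC 7489, tags are ';'-separated 'tag=value' pairs, tag names are
    case-insensitive, and 'v' must come first and be exactly DMARC1.
    """
    tags: Dict[str, str] = {}
    order: List[str] = []
    for raw in record.split(";"):
        part = raw.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        name = name.strip().lower()
        tags[name] = value.strip()
        order.append(name)
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record: 'v=DMARC1' must be the first tag")
    if "p" not in tags:
        raise ValueError("DMARC record has no 'p' (policy) tag")
    return tags


def assess_dmarc(record: str) -> Tuple[bool, List[str]]:
    """Return (enforcing, findings) for one DMARC record."""
    tags = parse_dmarc(record)
    findings: List[str] = []

    policy = tags["p"].lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown policy {policy!r}")

    # pct defaults to 100; anything lower leaves a share of failing mail unfiltered.
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        raise ValueError(f"pct is not an integer: {tags['pct']!r}")
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")

    enforcing = policy in ("quarantine", "reject") and pct == 100
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")

    # Subdomain policy inherits p unless 'sp' overrides it.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed")

    if "rua" not in tags:
        findings.append("no rua: aggregate reports are not collected")

    return enforcing, findings


if __name__ == "__main__":
    SAMPLES = {  # constructed records for a placeholder domain
        "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
        "mail.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
        "dev.example.com": "v=DMARC1; p=quarantine; pct=25; sp=none",
    }
    for domain, rec in SAMPLES.items():
        ok, notes = assess_dmarc(rec)
        print(f"{domain}: {'ENFORCING' if ok else 'NOT ENFORCING'}")
        for n in notes:
            print(f"  - {n}")
```

To check a live domain, fetch the TXT record at `_dmarc.<domain>` with your DNS resolver of choice and pass the string to `assess_dmarc`; the check is intentionally strict, treating any pct below 100 as not yet enforcing, because a partial rollout still lets a fraction of spoofed mail through.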
Reliable Backup Procedures
Our backup protocol includes daily incremental and weekly comprehensive backups via the Work Wizard Admin Console, with all data encrypted and stored in a secure, accessible format for a standard retention period.
We employ RAID storage to protect backups against disk failure, and we run scheduled integrity verifications to confirm that backups are complete and restorable.
We advocate for clients to conduct regular local backups to further ensure data security.
Assured Disaster Recovery and Business Continuity
We ensure application data durability through real-time replicated storage across data centers. Our infrastructure includes multiple ISPs and critical physical safeguards such as power backups, climate controls, and fire prevention systems to minimize service interruption.
Incident Management and Notification
Our dedicated incident response team ensures prompt communication and resolution of security events. We engage with affected parties directly, providing necessary documentation and taking steps to prevent future occurrences.
In compliance with GDPR, we notify the relevant Data Protection Authorities of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it, and we notify affected parties when the breach is likely to result in a high risk to their rights and freedoms.
Customer Security Empowerment
In addition to our own security measures, there are important steps you, as our customer, can take to strengthen your defenses:
· Choose a strong, unique password and keep it safe.
· Enable multi-factor authentication.
· Keep your web browsers, mobile operating systems, and mobile apps updated to the latest versions so you benefit from the latest security patches and features.
· Be deliberate about what data you export or share from our cloud-based services.
· Classify your data (for example as personal or sensitive) and label it accordingly.
· Monitor the devices connected to your account, active web sessions, and third-party access for unusual activity, and manage the roles and privileges associated with your account.
· Stay alert to phishing and malware by scrutinizing unfamiliar emails, websites, and links that may imitate Work Wizard or other trusted services in an attempt to obtain your sensitive information.
Conclusion
As we navigate the evolving landscape of cyber threats, we pledge to remain vigilant, transparent, and proactive in our security endeavors. Together, with your collaboration and our relentless dedication to security, we forge a partnership that not only anticipates threats but also fortifies our collective defenses against them.
We thank you for entrusting us with your data and pledge to advance our security measures to exceed industry standards and your expectations.
GDPR Compliance
· Data Processing Justification: We will only process personal data where we have a legal basis to do so (e.g., consent, necessity for the performance of a contract, compliance with a legal obligation, protection of vital interests, or our legitimate interests where these are not overridden by the data subject's rights).
· Data Protection Measures: We will implement strict security protocols, including encryption, access control, and regular employee security training.
· Data Minimization: Only the minimum personal data required to deliver our services will be processed.
· Data Subject Rights: We will uphold all data subjects' rights under GDPR, including access, rectification, erasure, restriction of processing, data portability, and objection.
· Data Breach Notification: In the event of a data breach, we will follow GDPR requirements for notifying supervisory authorities and affected individuals when there is a high risk to their rights and freedoms.
· Cross-Border Data Transfers: Personal data will only be transferred outside the EU with appropriate safeguards, such as an adequacy decision or Standard Contractual Clauses.
· Data Protection Officer (DPO): A DPO will be appointed to oversee GDPR compliance and act as a point of contact for supervisory authorities and data subjects.
CCPA Compliance
· Transparency: We will provide a clear and accessible privacy notice outlining our data collection, processing, and sharing practices.
· Consumer Rights: We will recognize and facilitate the rights of California consumers, including the right to know about personal information collected, disclosed, or sold, the right to request deletion of personal information, and the right to opt out of the sale of personal information.
· Service Provider Agreements: We will ensure that any service providers with whom personal information is shared are contractually bound to respect the privacy and confidentiality of such data in line with CCPA requirements.
· Training: Employees who handle personal information will be trained on the provisions of the CCPA.
· Non-Discrimination: We will not discriminate against any consumer for exercising their CCPA rights.