Technical and Organizational Measures

Pretera is committed to protecting the security of our customers, and therefore has implemented and maintains the technical and organizational measures (“TOMs”) described in this document.

This document details the TOMs employed by Pretera for protecting customers' data and assets from unauthorized access, corruption, and loss.

1. Pretera Policies and Procedures

At Pretera, we practice physical security and information security policies and procedures for our services that are:

(a) Aligned with applicable prevailing industry standards and applicable laws;
(b) Designed to ensure the security and confidentiality of our customers and their data; and
(c) Constructed to protect against anticipated threats or hazards to the security or integrity of our systems, including unauthorized intrusion, disclosure, misuse, alteration, destruction, or other compromise of such information.

Upon Customer’s prior written request, we can provide our customers a copy of our current security policies.

2. Awareness and Training

All our employees are required to receive training on information security policies and risks at least on an annual basis and as part of our onboarding process for all new employees, including contractors. Besides this, we continue to provide our employees with security training in order to develop products consistent with industry standard security considerations.

3. Personnel Security

As part of our recruiting and HR policy, we conduct pre-employment background checks as permitted by applicable law for all employees.

4. Access Controls

We maintain policies and processes to control and secure access to our own and our customers' data based upon the principle of least privilege through secure authentication, authorization mechanisms, and access control rules that take into account the risk associated with the particular information system and the type of information stored therein. These processes include multiple layers of access controls such as firewalls, tokens, security keys, and authentication.

User access management to our systems includes processes around user registration, access provisioning, management of privileged access rights to information, information systems, and removal or adjustment of access rights.

5. Data Segregation

Client data is segregated on a dedicated tier, which is not accessible through the internet and is made available only to the people in charge in a secured manner, e.g., using dedicated access provisioning and access review cycles.

6. Viruses, Malware, Phishing, etc.

We continuously seek to implement best practices and security technologies to protect our environment. We therefore work with leading security vendors to deploy various tools to mitigate the threat of viruses, malware, and phishing.

7. Encryption

We continuously apply encryption to mitigate the risk of unauthorized disclosure or alteration of our data while in transit or at rest. Cryptographic keys shall be protected against unauthorized access, disclosure, modification, and data loss.

8. Workstation Protection

Pretera has implemented protection measures on end-user devices and monitors those devices to be in compliance with the security standard requiring hard drive passwords, screensavers, antivirus software, firewall software, unauthenticated file sharing, hard disk encryption, and appropriate patch levels. Controls are consistently applied to detect and remediate workstation compliance deviations.

9. Business Continuity

Pretera seeks to maintain continuity of our operations through business continuity, redundancy, appropriate staffing of incident response personnel, and timely recovery of our critical processes and systems.

10. Incident Response

In case of an actual or reasonably suspected Data Incident, we will immediately:

(a) Take all necessary measures to contain the Data Incident and ensure that the same or similar Data Incident does not recur; and
(b) Investigate the Data Incident and cooperate with our customers (if applicable) in responding to any disclosure obligation related to the Data Incident.

11. Customer Data Retention and Disposal

Customer Data is retained until the expiration or termination of the agreed contract, after which it is disposed of in accordance with the appropriate policies in place.

12. Change Control

Pretera may change the TOMs from time to time to adapt to the evolving security landscape and will notify Customers of such changes.