The Technical and Organizational Measures (TOMs) describe the security measures and controls implemented and maintained by Splashtop to protect and secure the personal data we store and process.
Access Control: Splashtop has implemented access controls to manage electronic access to data and systems. Our access controls are based on authority levels, need to know basis, and the separations of duties for those who access the system.
Security Incident Response: Splashtop has established Security Incident Response procedures that are designed to allow Splashtop to investigate, respond to, mitigate, and notify of events related Splashtop services and information assets.
Account and Password Policies: Splashtop users are assigned their own logins. Strong passwords and two-factor / multi-factor authentication are enforced throughout the organization.
Data Security Control: Splashtop’s data security controls include role-based access by following least-privilege principal, access monitoring, and logging. This means that all users have a minimal level of data access as they start using the Splashtop system.
Change Management: Change Management policy and process are maintained to ensure major changes are documented, tested, and approved with a documented rollback plan to ensure changes are authorized and successful.
Audit & Risk Management: Splashtop continually assesses the risks related to the Splashtop organization, monitoring and maintaining compliance with Splashtop policies and procedures.
Security Policies: Splashtop maintains and follows IT security policies and practices. These policies are regularly reviewed and amended as Splashtop deems reasonable. Splashtop employees complete information security training annually and comply with Splashtop’s ethical business conduct, confidentiality, and security policies as set out in Splashtop’s Code of Conduct.
Encryption: Splashtop encrypts all user data in transit and at-rest. Sessions are established securely using TLS and session contents are encrypted using 256-bit AES.
Business Resilience: Splashtop implements and maintains a Disaster Recovery and Business Continuity Plan and Procedures which is designed to maintain service and recovery from foreseeable emergencies or disasters.
Availability: Splashtop services are designed with auto-healing and auto-scaling capabilities to ensure service availability to Splashtop’s customers.
System Audit & Logging: Systems and applications access and activities are logged, stored, and analyzed to catch behavior abnormalities.
Threat and Vulnerability Management: Splashtop employs tools and practices like patch management, endpoint security, intrusion detection and prevention, and vulnerability disclosure program, along with penetration testing and vulnerability scanning to protect our entire organization from top to bottom.
This Policy was last updated: July 7, 2021