TLDR: Summary
- Compliance and security in Chronicle Cemetery Software actively follow key global regulations like VPDSS, GDPR, CCPA, and ISO, ensuring all data is handled securely.
- Through encryption, rigorous access controls, and robust backup measures, Chronicle guarantees comprehensive protection of customer data at all times.
- Chronicle not only protects data but also empowers its clients with proactive data management tools and has predefined protocols for dealing with security incidents.
- Chronicle’s approach to data security is tiered into four levels based on sensitivity and importance, underlining its ongoing commitment to continually enhancing data security.
In this digital era, the significance of data security and compliance is crucial. In managing cemeteries, it is really important to pay attention to the details and handle things carefully. At Chronicle, we understand how important this is, and that is why we make sure everything we do is based on these key points. In this blog, we will learn about the compliance and security in Chronicle Cemetery Software.
Compliance Measures in Chronicle
Chronicle uses Google Cloud Platform to help protect our data with some of the best security around. On top of that, we also follow various regulations required to ensure the data security of our clients based on specific requirements. For instance, we adhere to Victorian Protective Data Security Standards (VPDSS) and also achieve the ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015.
VPDSS mandates a robust approach to data security, calling for secure data handling processes, regular security training for staff, and incident management protocols. Chronicle achieves this by implementing strict access controls, ensuring only authorized personnel can access sensitive information. We conduct frequent security training sessions to keep our team up-to-date on the latest data protection practices. Furthermore, we have established a clear incident response plan to quickly address and mitigate any data breaches.
In addition, our ISO/IEC 17021-1:2015 and ISO/IEC 27006:2015 certifications ensure that your information is secured in our system. We stay in line with them by constantly checking our system for any security gaps and fixing them. We protect all our stored data with tough security (encryption), and we are continuously evolving and developing our security enhancement to make our defenses even stronger.
Strong Security through Comprehensive Measures
At Chronicle, both stored data and information in transit are secured using industry-standard encryption methods. This ensures that sensitive details are only accessible to authorized individuals. To bolster our defenses, we have employed the Google VPC Network firewalls, which filter incoming traffic and protect against unauthorized access.
We take access management seriously, granting employees only the necessary permissions they need to perform their duties. This approach minimizes internal security risks and enables us to monitor and respond to any suspicious activity swiftly. Our bastion servers act as a secure gateway for operational connections, further strengthening our control over who can access our network.
To guard against unforeseen events, Chronicle has implemented frequent backup and recovery protocols. Our daily backup routine, combined with Google Cloud Storage’s resilience, means that we can recover customer data rapidly in the event of cyber incidents or disasters, preventing them from being lost or corrupted.
Data Management Approach and Security Responsibilities
To strengthen our security framework, we use continuous integration and delivery via GitHub Actions. Each deployment is a controlled process, designed to roll out updates seamlessly and securely. Before we update our software, we always create an extra backup. This step is to make sure that even if something unexpected happens during the update, your data will not be corrupted. This meticulous attention to deployment helps prevent vulnerabilities during software updates. By automating our deployment (CI/CD) pipeline, we ensure that every change is reviewed, tested, and securely integrated.
To monitor our systems, we deploy Google Cloud Monitoring and Logging services alongside the dedicated Loki logs collector. This powerful combination allows us to continuously track system performance and security, providing real-time alerts for any unusual activity. With this level of oversight, we are able to identify and respond to potential issues before they become problems. Our proactive monitoring approach is an essential piece of our security, ensuring that our clients’ data is under constant guard.
Access to sensitive data within Chronicle is reserved for those with a necessary operational need. This is enforced through Multi-Factor Authentication (MFA) and Role-Based Access (RBA) controls to create a defense against unauthorized entry. Our network is further strengthened by Google VPC Network firewalls and intrusion detection systems that actively filter out malicious traffic and potential security threats. This multi-layered defense strategy ensures that the data entrusted to us by our clients remains secure and private.
Lastly, although the idea of Chronicle being sold or closing is very far-fetched, we understand that our clients might wonder what would happen to their data if such an unlikely event were to take place. In that case, we will give our customers a 30-day heads-up to get or move their data. After that, we delete the data carefully, following the best practices and laws. Moreover, our security system is rigorously designed and continuously monitored, with a strong track record of maintaining data safety. In the highly unlikely event that a data breach were to happen, we involve close collaboration with legal authorities to investigate and remediate with minimal disruption.
Information Security Levels and Ongoing Commitment
At Chronicle, data security is not a one-size-fits-all approach. We categorize data security into four distinct levels – Public, Business Confidential, Restricted, and Secret. Each level requires a different set of security measures, granting us the ability to manage and protect each data type efficiently according to its sensitivity:
- Public level refers to information that is publicly available and carries no harm if accessed by unauthorized parties.
- Business Confidential includes sensitive business information that could cause potential harm or damage to the company if disclosed inappropriately.
- Restricted refers to data that requires stricter access controls due to its sensitivity, typically involving personal data or proprietary information.
- Secret level includes our highest level of confidential information that, if leaked, could severely harm the company or individuals involved.
This thorough approach is part of our ongoing dedication. We see data security as an ongoing process, not a one-time goal, and we are committed to constantly improving how we protect data. By keeping up with the latest technology and changes in our field, we make sure we are always leading the way in keeping our clients’ information safe.
In the business of cemetery software, we know how important it is to handle data with care. At Chronicle, we take this responsibility seriously, offering a secure and trustworthy system. We stick to all the rules very strictly, have strong security in place, and are always on top of managing data. This makes Chronicle a solid and top-quality option for cemetery software needs. If you want to more about how Chronicle works and the cemetery digitization project carries on, you can always contact us any time at your convenience.