Security Measures for CollabAI Application
1. Production Database Authentication
CollabAi mandates secure authentication for its production databases using authorized methods such as unique SSH keys and username/password combinations, and restricts access through security groups.
2. Account Authentication
All systems and applications within CollabAi require the use of unique usernames and passwords or authorized SSH keys for authentication.
3. Restricted Production Application Access
Access to the CollabAi application is limited exclusively to authorized users through security groups.
4. Established Access Control Procedures
Our access control policy documents the procedures for managing user access, including:
- Adding new users
- Modifying existing users
- Removing user access
5. Restricted Production Database Access
Access to production databases is limited to authorized users with a business need, managed through security groups.
6. Firewall Access Control
Access to the firewall is restricted to authorized personnel based on business necessity.
7. Operating System Access Restrictions
Privileged access to the operating system is limited to authorized users with a business requirement.
8. Production Network Access Control
Access to the production network is restricted to authorized users only.
9. Access Revocation Upon Termination
We implement termination checklists to ensure that access for terminated employees is revoked within agreed SLAs.
10. Remote Access Authentication
Remote access to CollabAi’s production systems is permitted only for authorized employees through approved connections.
11. Infrastructure Performance Monitoring
Monitoring tools are used to oversee system performance and generate alerts when specific thresholds are met.
12. Regular Firewall Rule Reviews
Firewall rulesets are reviewed annually, with required changes tracked to completion.
13. Maintained Service Infrastructure
Routine maintenance and patching of the infrastructure ensure that servers are fortified against security threats.
14. Secure Data Transmission
Confidential data is encrypted during transmission over public networks using secure protocols.
15. Business Continuity and Disaster Recovery Plans
We have established BC/DR plans that include communication strategies to maintain information security continuity in case of key personnel unavailability.
16. Regular Testing of BC/DR Plans
The BC/DR plan is documented and tested at least annually to ensure effectiveness.
17. Configuration Management System
A configuration management procedure is in place to ensure consistent deployment of system configurations.
18. Enforced Change Management Procedures
All changes to CollabAi’s software and infrastructure must be authorized, documented, tested, reviewed, and approved before implementation.
19. Restricted Production Deployment Access
Access to migrate changes to production is limited to authorized personnel.
20. Established Backup Processes
Our data backup policy outlines requirements for the backup and recovery of customer data.
21. Communication of System Changes
Customers are notified of critical system changes that may impact their processing, while authorized internal users are informed of relevant system changes.
22. Conducted Access Reviews
Access reviews are performed at least quarterly for in-scope system components to ensure proper access restrictions, with required changes tracked to completion.
23. Required Access Requests
User access to in-scope systems is determined by job role or requires a documented request and manager approval prior to provisioning.
24. Deletion of Customer Data Upon Termination
Confidential customer data is purged from the CollabAi environment when customers exit the service, following best practices.
25. Secure API Key Management
API keys are stored securely as environment variables rather than hardcoded in source code, with access restricted to authorized users and systems.