Data Leakage Prevention (Control 8.12)
At RemitPro, safeguarding sensitive data is fundamental to our operations and customer trust. In alignment with ISO/IEC 27001:2022 Control 8.12, we have implemented robust Data Leakage Prevention (DLP) measures to ensure that sensitive information is not disclosed, transmitted, or accessed by unauthorized parties.
Purpose
The purpose of our DLP framework is to:
- Detect and prevent unauthorized data transfers.
- Protect sensitive information from intentional or accidental leaks.
- Comply with applicable data protection regulations and industry standards.
Scope
This policy applies to all:
- RemitPro employees, contractors, and partners.
- Systems, applications, and devices used to process RemitPro data.
- Customer and business data in any format (electronic or paper).
Data Leakage Prevention Measures
RemitPro enforces the following DLP practices:
- Network and Endpoint Monitoring
  Continuous monitoring of inbound and outbound data traffic to detect suspicious activities.
- Content Inspection
  Automated scanning of files, emails, and data streams to identify sensitive information such as financial records, customer identifiers, and authentication credentials.
- Access Control
  Enforcing the principle of least privilege to limit data access to authorized users only.
- Email and File Transfer Restrictions
  Limiting the ability to send sensitive data via unapproved channels or to external parties without authorization.
- Cloud and Storage Controls
  Monitoring and securing cloud-based storage solutions to prevent unauthorized sharing.
- Incident Response
  Establishing clear procedures for responding to potential or confirmed data leakage incidents, including reporting, investigation, and remediation.
User Responsibilities
- Never bypass or disable DLP controls.
- Report any suspected data leakage immediately to the security team.
- Handle sensitive data according to RemitPro’s Data Classification Policy.
Review and Improvement
This DLP policy is reviewed annually or upon significant changes in our operations or applicable regulations to ensure its continued effectiveness.
