Step 7 of 11

Security Measures

Document how you protect personal data.

Technical Measures

Select the technical security measures your organization implements:

  • Encryption at rest: data stored encrypted
  • Encryption in transit: TLS/SSL for data transmission
  • Access controls: role-based access to data
  • Firewalls: network protection
  • Intrusion detection: monitoring for threats
  • Regular backups: data recovery capability
  • Secure authentication: MFA, strong passwords
  • Logging and monitoring: audit trails

Organizational Measures

Document the organizational controls in place:

  • Security policies: documented procedures
  • Employee training: data protection awareness
  • Vendor management: due diligence on processors
  • Incident response: breach handling procedures
  • Regular assessments: security audits and reviews
  • Access reviews: periodic permission audits
  • Data classification: categorizing data sensitivity
  • Confidentiality agreements: employee and vendor NDAs

Template Security Statement

"We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls based on the principle of least privilege, regular security assessments, and employee training on data protection practices."

Certifications & Compliance

If you have security certifications, include them:

  • ISO 27001
  • SOC 2
  • PCI DSS
  • HIPAA
  • Cyber Essentials

Data Breach Notification

Your policy should explain what happens if a data breach occurs:

  • How you detect and investigate breaches
  • Notification to authorities per DPDPA requirements
  • When and how affected individuals will be notified
  • Steps taken to mitigate harm

💡 Be Honest, Not Specific

Don't include details that could help attackers (like specific software versions). Focus on the types of measures rather than implementation details.