GymMaster Security Policy
The team at GymMaster work hard to make sure you have easy and efficient access to your personal data, but we’re also committed to keeping it safe. We employ multiple levels of security to your data, our systems and our networks.
In order to protect your data, we start with the basics, with all devices and files password protected.
Further to this, our internal password policy requires our staff to use strong, randomly generated passwords that are changed regularly, and to ensure they are kept safe, we use an industry standard password manager.
Personal / Confidential Information
When accessing client information, our staff follow a strict information disclosure policy, where the confidentiality of Client’s and Member’s personal data is held in highest regard. A copy of our policy is available on request.
Our internal security and systems are routinely checked via monthly internal security and penetration tests, and our overall codebase is updated and patched weekly, meaning any potential issues are proactively identified, isolated and remediated.
All on-premise hard drives are encrypted at rest, meaning that in the event of a physical security issue, all data remains safely protected.
Our data centres are maintained and managed to the highest industry standards and have the following compliance certifications:
- ISO/IEC 27001:2013
In addition, our security policy is supported by our data centres having the following policies and practices –
- Access to the data center floor is restricted to data center employees and authorized visitors
- Data Centers are staffed 24/7/365 with security guards and technicians
- All employees and visitors are identified using biometrics and ID checks before entering the facility
- HVAC and power have redundant back-ups, so if one goes out, the others keep our systems powered and within operating temperature
- Multiple Internet carriers using independent fiber connections to the data center floor ensure a failsafe connection to the cloud
- Our networks within the data centers have redundant routers, switches, and service providers. Multiple systems can fail without affecting downtime, performance or security
Updates to this Policy
We may need to make changes to this Security Policy from time to time. Any changes will become effective as soon as they are posted to our website, or communicated by other means.
If you have any questions regarding this Security Policy, please get in touch by email at – firstname.lastname@example.org