ENTERTAINMENT CONNECTS LLC
dba ArtCee
Security Policy
Updated 2024
Overview
System Architecture
We operate a multi-tenanted system where multiple platforms are hosted within a centralized core. Our infrastructure is built on a highly scalable and reliable cloud platform, allowing us to provide a cost-effective solution capable of supporting millions of users.
Infrastructure
Our system's underlying infrastructure is designed to ensure scalability, security, and high availability. We use industry-leading cloud services to manage user authentication, data storage, and backend processing. These services enable us to handle large volumes of data securely and efficiently.
Applications
We provide two primary front-end applications:
-
User Marketplace: A platform for end-users, offering a responsive and intuitive user experience.
-
Administrator Dashboard: A management interface for administrators, enabling efficient platform oversight and control.
Backend Services
Our backend architecture includes a robust and secure API framework that facilitates communication between the front-end applications and the underlying infrastructure. This setup ensures the seamless and secure operation of our services. We are committed to maintaining the highest standards of security and performance through continuous monitoring and improvement of our infrastructure and applications. Our security measures include regular audits, encryption of data in transit and at rest, and adherence to best practices in cloud security.
Compliance and Security Standards
We are committed to maintaining the highest standards of security and compliance. Our infrastructure leverages the robust security features provided by Amazon Web Services (AWS). We adhere to AWS compliance programs and best practices to ensure the safety and security of our clients' data. This includes:
• AWS Compliance Programs: We align with various AWS compliance programs, ensuring our services meet industry standards and regulatory requirements.
• Security Best Practices: We implement AWS security best practices, including data encryption, access controls, and regular security assessments.
• Continuous Monitoring and Improvement: Our security measures are continuously monitored and updated to adapt to evolving threats and maintain compliance with AWS standards.
Availability
Our application is built on a serverless architecture using a leading cloud provider, ensuring high availability and reliability. This setup allows automatic scaling to handle growth efficiently and includes robust disaster recovery procedures to minimize downtime and data loss.
• Serverless Architecture: Facilitates automatic scaling and high availability.
• Disaster Recovery: We have established stringent recovery time objectives (RTO) and recovery point objectives (RPO) to ensure rapid recovery and minimal data loss in the event of a disaster.
Compliance
We are committed to maintaining the highest standards of security and compliance. Our infrastructure adheres to various industry standards and certifications to ensure the protection of our clients' data.
• Compliance Programs: Our services align with multiple compliance programs, ensuring our infrastructure meets rigorous security and regulatory standards.
• Security Best Practices: We implement best practices to protect against common vulnerabilities, including those outlined in the OWASP Top Ten.
Key Security Measures
• Data Encryption: All data is encrypted both at rest and in transit to ensure its confidentiality and integrity.
• Authentication and Access Control: Robust mechanisms are in place to authenticate users and control access to resources, ensuring only authorized users can access sensitive information.
• Regular Security Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
• Continuous Monitoring: Our systems are continuously monitored for suspicious activity, and logs are securely stored and analyzed to detect and respond to threats promptly.
All user data is processed in the UK and is GDPR Compliant
• Solid access management is in place.
• Data Processing Agreements in place between all third-party processors.
• The technical systems and storage are secure and encrypted, to prevent data loss.
• Enable users to contact us easily to request, update or delete their data.
• Continued monitoring and logging to prevent unauthorized access and audit any such occurrence.
• Regular security assessments.
• Process in place for Data Breach.
• Data Protection Officer appointed.