Last updated 06/02/2017
This statement exclusively covers Dialog’s policies and practices regarding information and data security. It's not a recapitulation of the law, nor does it attempt to define good conduct outside of the security context.
Dialog is a software-as-a-service (Saas) business. The company has a dedicated operations team that is responsible for ensuring the safe operation of Dialog’s websites. Members of this team are carefully vetted for reliability and responsibility, and are trained to be knowledgeable and aware of sensitive information.
All passwords and credentials that enable access to Dialog’s production system are stored in secure systems that are only accessible to authorized staff.
Only authorized staff has direct access to production machines. Development staff members have limited access to production services for debugging purposes, and only select authorized individuals have access to Dialog’s data stores for analytics purposes (see Data Security, below).
Dialog uses automated configuration management to ensure that all changes are applied in a deliberate manner. Every change to production, except in cases of emergency, go through the following stages:
Securing data in Dialog’s platform includes securing relational databases, online caches, and backups.
A select group of Dialog staff have limited, read-only access to real-time data for analytics purposes. The need for this access is reviewed on a quarterly basis.
Only data that does not contain any personally identifiable information (PII) may be sent to third-party services for business intelligence analysis Platform Security
Dialog’s platform also contains a number of security measures to ensure the secure performance of its services.
Keeping passwords and credentials secure for services used by Dialog is essential. Dialog uses a centralized, secure method for storing and disseminating passwords. Every Dialog employee and consultant is required to use this system for storing secure information.
Dialog requires the use of randomly generated passwords at least 20 characters long for all services. In rare instances, passwords may be shorter if the service provider does not allow 20 characters.
When services require access by multiple users, but do not offer multiple sign-in, credentials may be securely shared via our centralized system to enable team access. Sharing credentials by other means is not permitted.
Other secure information, like credit card information or secure tokens, must be stored in Dialog’s centralized store. It is not permitted to store such information in any other format.
Dialog provides all employees with an Apple laptop to effectively perform work.
All company-issued laptops are equipped with a provisioning profile.
All documents, files, and data must be stored in the company’s file storage accounts, revision control systems, or otherwise stored in a company-provided external system. Files may not be stored locally on laptops only. When a Dialog employee or contractor terminates employment, all data stored on company-issued laptops is destroyed.
All employees are issued an Employee Handbook, which includes policies regarding information and data security.