Security, Privacy & Compliance

Our commitment to data integrity, infrastructure security, and operational excellence.

Information Security Policy

Lowmips.com, LLC maintains a comprehensive Information Security Policy (ISP) designed to ensure the Confidentiality, Integrity, and Availability (CIA) of all corporate and client data. Our framework aligns with industry best practices (NIST/ISO standards) to manage risk.

This policy governs information systems, networks, and data utilized by the company. The specific security controls, procedures, and standards outlined within our framework are implemented where applicable and appropriate, determined by the specific scope of work, data sensitivity, and technical requirements of each client engagement.

Network Segregation & Protection

We employ a Defense-in-Depth strategy to secure our network infrastructure. This includes:

  • Logical Segmentation: Utilization of VLANs and subnets to isolate development, staging, and production environments.
  • IDS/IPS Implementation: We utilize industry-standard Intrusion Detection and Prevention Systems. These are configured to monitor traffic flows, analyze protocol anomalies, and block malicious signatures in real time.
  • Firewalls: Strict firewall rules are maintained to deny all traffic by default, allowing only necessary services.

Endpoint Protection

All company workstations and servers are secured using robust anti-malware and antivirus software. This solution is integrated into our security baseline to:

  • Perform automated, scheduled scanning for malware, trojans, and viruses across file systems.
  • Scan incoming mail gateways and file transfer directories.
  • Receive automated definition updates daily to protect against new threats.
  • Prevent unauthorized execution of known malicious binaries.

Operational Security Baseline

Lowmips.com, LLC enforces a strict security baseline for daily operations to minimize the attack surface:

  • Multi-Factor Authentication (MFA): MFA is mandatory for accessing all cloud environments, email, and internal systems.
  • Password Policy: Complex passwords are required (minimum 12 characters, mixed case, special characters) with regular rotation enforced.
  • Screen Locking: Automated screen locking triggers after 5 minutes of inactivity.
  • Disk Encryption: All workstations utilize full-disk encryption (e.g., BitLocker/FileVault) requiring a unique passkey/TPM unlock.
  • Clear Desk Policy: Sensitive physical documents and removable media must be secured when workspaces are unattended.

Access Control & Least Privilege

Access to systems and personal data is governed by the Principle of Least Privilege (PoLP). Users are granted only the minimum level of access required to perform their specific job functions. We utilize Role-Based Access Control (RBAC) to manage permissions. Access rights are reviewed quarterly, and access is immediately revoked upon the termination of employment or a change in role.

Data Classification & Encryption

Data is classified into tiers (Public, Internal, Confidential, Restricted) to determine appropriate handling controls. To protect sensitive data:

  • Data at Rest: Encrypted using AES-256 standards on all servers, databases, and portable devices.
  • Data in Transit: All data transmissions over public networks are encrypted using TLS 1.2 or higher.

Incident Response Policy

We maintain a formal Incident Response Plan (IRP) that defines the lifecycle of a security incident. The plan clarifies roles and responsibilities for the Incident Response Team (IRT).

Vulnerability & Threat Management

We proactively manage threats through:

  • Regular Scanning: Automated vulnerability scans are conducted weekly on all infrastructure.
  • Patch Management: Critical security patches are applied within 72 hours of release; non-critical patches are applied within 30 days.

Internal Personal Data Protection

We are committed to the protection of employee, contractor, and partner data. This policy outlines how personal data is collected, processed, and stored internally. Access to personnel records is strictly limited.

Privacy Policy

Lowmips.com, LLC respects the privacy of our clients and users. Our external Privacy Policy details the types of data we collect, the purpose of collection, and the rights users have regarding their data.

Data Breach Notification

In the event of a confirmed data breach affecting personal or sensitive data, Lowmips.com, LLC adheres to a strict notification timeline. We are committed to notifying affected providers, sellers, and regulatory bodies without undue delay, and no later than 72 hours after becoming aware of the breach. Notifications will include the nature of the breach, the data categories involved, and the measures being taken to mitigate adverse effects.