Security Policy

Effective Date: December 1, 2024

Governance
Ashton Technology Solutions, Inc. d/b/a Ashton policies guiding the various teams at Ashton. Ashton recognizes the information security and risk management duties of the organization.

Access Management
In order to limit access to sensitive information, Ashton has established role-based access controls that account for job function, active employment, legitimate business need, and privacy best practices. Ashton’s access control division reviews roles on a quarterly basis to ensure compliance.

Physical Security
Ashton prioritizes the security of endpoints by ensuring all company assets have system hardening configurations enabled, including antivirus software.

Performance Monitoring
Ashton utilizes system monitoring tools, routine reviews, and comprehensive reporting to provide the basis for the effective operation of internal controls.
Ashton has action plans in place which facilitate timely responses to security events, and address compliance as well as confidentiality concerns. These are laid out and made available to employees in the form of written policies and procedures.

System Operations
Ashton ensures critical information is secured through the use of encryption technology and established backup policies and processes. Any deviation from the norm is promptly addressed by Ashton’s staff.

Ashton maintains incident response and business continuity plans that delineate duties and action plans during a security incident. In the case of malicious acts, natural disasters, or continuity events, Ashton maintains standards for identifying, documenting, reviewing, and remediating incidents faced by the organization. After an incident has been remediated, further analysis and management reviews take place in order to identify the root cause of the incident and prevent a similar occurrence in the future.

Privacy Questions and Concerns: info@ashtonsolutions.com