Lee Trans is committed to maintaining the trust of our clients and partners. Keeping your data secure is our top priority across our company and environment.
Separate environments are used for production and development applications.
Change Management Policy
A Change Management Policy governs the documenting, tracking, testing, and approving of software and infrastructure changes.
Organizational Management
Code of Conduct
Employees are required to acknowledge and sign Lee Trans' Code of Ethics Policy on an annual basis.
Acceptable Use Policy
An Acceptable Use Policy defines standards for appropriate and secure use of company hardware and electronic systems including storage media, communication tools and internet access.
Information Security Policy
An Information Security Policy establishes the security requirements for maintaining the security of applications, systems, infrastructure, and data.
Organizational Chart
Lee Trans maintains an updated organizational chart and provides necessary resources for security management. Senior Management periodically reviews reporting relationships and organizational structures as a part of their organizational planning. Organizational structure is adjusted as needed based on changing commitments and requirements.
Vulnerability Management
Penetration Testing
Penetration testing is conducted on an annual basis.
Vulnerability Scanning
Quarterly vulnerability scans are performed on production devices.
Incident Response
Incident Management and Response Policy
An incident management and response policy governs the required processes for assessing and responding to security incidents.
Incident Response Plan
An Incident Response Plan outlines the process of identifying, assessing, containing and tracking confirmed incidents through to resolution.
Risk Assessment
Vendor Management Policy
A Vendor Management Policy defines a framework for onboarding and reviewing vendors.
Vendor Reviews
Vendors providing services to the company are reviewed on an annual basis as a part of the vendor risk management process. Attestation and certification reports (including SOC2 reports) are obtained and evaluated when available.
Risk Monitoring and Management Policy
A Risk Monitoring and Management Policy governs the process for monitoring risks and conducting risk assessments.
Risk Assessment
Annual risk assessments are performed, which include the identification of relevant internal and external threats related to security and fraud.
Network Security
Firewall
A firewall is utilized to control network traffic and prevent unauthorized traffic from passing between the internal and external networks.
Intrusion Prevention
An intrusion prevention system is used to monitor the network and protect it from external threats.
Security Event Monitoring
A security event management system is utilized to collect data from infrastructure to detect potential security threats and unusual system activity.
Access Security
Removal of Access
Onboarding, offboarding and job transfer processes exist and occur for all new hires, job changes and terminations. Access is reviewed and granted or revoked based on the applicable process.
User Access Reviews
User access reviews are performed quarterly to validate that internal user access is commensurate with job responsibilities.
Access Control
Onboarding, offboarding and job transfer processes exist and occur for all new hires, job changes and terminations. Access is reviewed and granted or revoked based on the applicable process.
Physical Security
Restricted Data Center
All systems are hosted in a data center with appropriate physical security controls such as door badge readers, room and rack locks, and surveillance cameras.
Secure Disposal Practices
New hires are required to pass a background check as a condition of their employment.