Home

Security Policy

Last updated: November 2025

1. Introduction

At SciLattice Inc., we are committed to maintaining the highest standards of information security and data protection.
This Security Policy outlines the principles, controls, and procedures we implement to ensure the confidentiality, integrity, and availability of all data processed through our platform, services, and digital infrastructure.

2. Purpose and Scope

This policy applies to all users, employees, contractors, and third-party service providers who access or manage SciLattice’s systems and data.
It covers:

  • Customer and corporate data protection

  • Network and system security

  • Incident response

  • Access management

  • Data encryption and storage practices

3. Security Governance

Our information security program is guided by:

  • Canadian privacy laws (PIPEDA) and the Ontario Personal Health Information Protection Act (PHIPA) when applicable.

  • ISO/IEC 27001 and NIST Cybersecurity Framework best practices.

  • Continuous monitoring and risk assessment of our IT infrastructure.

The Security Officer at SciLattice is responsible for overseeing compliance, policy updates, and staff awareness.

4. Data Protection and Privacy

  • All user data is handled in accordance with our Privacy Policy and applicable Canadian regulations.

  • Data is collected and processed strictly for the purposes required to deliver our services.

  • Access to personal information is limited to authorized personnel under confidentiality agreements.

5. Data Encryption and Storage

  • All sensitive data in transit is protected using TLS 1.3 or higher.

  • Data at rest is encrypted using AES-256 encryption.

  • Passwords are hashed and salted following industry standards (e.g., bcrypt).

  • Encryption keys are securely managed and rotated periodically.

  • Cloud storage is hosted on Canadian-based or SOC 2-compliant servers.

6. Network and System Security

  • Firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are deployed to monitor and protect network traffic.

  • Regular vulnerability scans and penetration tests are conducted by certified professionals.

  • System updates and security patches are applied promptly.

  • Access to production environments is controlled via multi-factor authentication (MFA) and role-based access control (RBAC).

7. Access Control and Authentication

  • Every user and employee is assigned a unique ID and authentication credentials.

  • Administrative access is restricted and monitored.

  • MFA is mandatory for internal and privileged accounts.

  • Access logs are retained and audited regularly.

8. Incident Response Plan

In the event of a security breach or system incident, SciLattice follows a structured Incident Response Plan (IRP) that includes:

  1. Immediate containment and assessment of the threat.

  2. Notification of affected users and relevant authorities (as required by law).

  3. Investigation and root cause analysis.

  4. Implementation of corrective measures and reporting.

We commit to transparency and timely communication in case of any breach affecting user data.

9. Business Continuity and Disaster Recovery

  • Regular data backups are performed and stored in encrypted form across redundant systems.

  • Disaster recovery procedures ensure restoration of operations within minimal downtime.

  • Contingency plans are tested periodically to ensure operational resilience.

10. Employee Awareness and Training

  • All employees receive ongoing cybersecurity and privacy training.

  • Access privileges are reviewed regularly.

  • Security awareness programs include phishing prevention and data handling best practices.

11. Third-Party and Vendor Security

  • All vendors and third-party service providers undergo a security assessment before integration.

  • Contracts require compliance with SciLattice’s security and privacy standards.

  • Regular reviews ensure continued adherence to data protection obligations.

12. Continuous Improvement

SciLattice continuously evaluates and enhances its security posture through:

  • Regular audits and risk assessments.

  • Monitoring of emerging threats and cybersecurity trends.

  • Updating controls to meet evolving compliance standards.

13. Contact and Reporting

If you suspect any security issue or potential data breach, please contact our Security Team immediately:

📧 info@scilattice.com

We may use cookies or other tracking technologies when you visit our website, including any related media, mobile websites, or mobile applications. These tools help us customize the Site and enhance your user experience. learn more

Allow