1. Security principles
- Security is risk-based and purpose-driven.
- Controls are applied by role and responsibility.
- Periodic reviews are performed to improve effectiveness.
Security
Security is designed as part of operations
LLA applies access control, data protection, operational monitoring, and incident response principles to support high-reliability enterprise systems.
2. Access control
LLA applies appropriate access controls for users, operations teams, and administration teams. Access rights are granted based on job need and periodically reviewed to limit unnecessary privilege.
3. Data protection
Data that requires protection is handled with appropriate technical and governance controls both in transit and at rest. Protection levels are adjusted to data sensitivity, business requirements, and applicable law.
4. Event logging and monitoring
LLA records important events related to access, configuration changes, and system operations to support traceability when needed. Monitoring is performed to detect anomalies and enable early response.
5. Backup and recovery
LLA maintains backup policies and recovery validation appropriate to each system group to reduce operational disruption and support service continuity.
6. Vendor and third-party management
Third parties participating in service delivery are evaluated for security, privacy, and legal alignment before operational integration.
7. Security incident management
LLA maintains intake, analysis, containment, remediation, and recovery procedures for security incidents. Where notification duties apply, LLA follows timelines and conditions defined by applicable law.
8. Compliance with applicable law
LLA operates under applicable legal frameworks related to security, information safety, and personal data in the markets where services are delivered.