Diamond Tech website security policy

1. Overview

This security policy formulated to ensure security, reliability and integrity of Diamond Tech´s systems and network and applies only to Diamond Tech and websites that carry the Diamond Tech brand, and not to other companies or organisation´s websites to which we are linked to. We have clearly marked Diamond Tech and these branded websites with our logo so you know where this policy applies.

3. Website and on-line security

This website is secured using a Thawte Digital Certificate. This ensures that in certain areas like "Order Checkout  and "My Account" we use industry-standard SSL-encryption to protect data transmissions via the World Wide Web.

If any other internet user intercepts the communication he/she will only be able to see it in an encrypted (garbled) form. Certificate technology allows us to decrypt the information, and view it in plain text form. To learn more about Secure Sockets Layer ( SSL ) visit www.openssl.org website.

3. Browser security preference settings

Your browser´s security preference settings are the key to ensuring secure communication over the internet. This is the first line of defence against theft and unauthorised viewing of confidential personal information. The most popular browsers offer the ability to receive an alert or notification if you change between secure and unsecured transmission modes, or if you receive an invalid site identification notice from a site to which you are about to send a message over an "open" or unsecured connection. Check the settings of your browser security features to see all the options that are available and those that are currently selected.

The presence of security measures surrounding the entry of data on a web page is identified in two ways on your browser. The URL identifying the page will always begin with "https://" versus the normal "http://" a security symbol to indicate operation in a mode that supports secure transmissions:

The secure system requires a security-enabled browser such as Microsoft Internet Explorer version 2.1 or higher, or Netscape Navigator version 2.0 or higher.

4. Passwords

Choose a password that is at least six characters long. In general, a good password will have a mix of lower- and upper-case characters, numbers, and should be at least 6 characters long. Unfortunately, passwords like this are often hard to remember and result in people writing them down. Do not write your passwords down!

Here are some of the types of passwords that will be picked up by crackers: words from any dictionary, your user name, your real name, your spouse´s name, abbreviations, asteroids, biology, cartoons, character patterns, machine names, famous names, female names, bible, male names, movies, myths-legends, number Patterns, short phrases, places, science fiction, shakespeare, songs, sports, surnames.

5. PGP (Pretty Good Privacy)

PGP is the world´s defacto standard for email encryption and authentication, with over 6 million users. It can be downloaded at: www.pgpi.org website. In order to communicate, the public keys must be exchanged.

6. Accountability

Some transactions will provide you with a "receipt" after you have submitted the transaction. The receipt is intended to inform you that the transaction has been successfully processed. Transactions which provide receipts are clearly identified at the outset, so that you will know what kind of receipt to expect and what to do if you do not receive one.

We will undertake auditing and logging of all security related events, including the recording of all necessary information to identify the causes of an event and the person or entity which was responsible for the event. Where such an event occurs, we will take steps to minimise the risk of such an event from occurring in the future. Such steps may lead to further investigation and possible prosecution.

7. Confidentiality of information

Only authorised personnel and users will be permitted access to information which you provide to the Diamond Tech. All information collected or passing through our systems will be treated in accordance with relevant legislation or other legal requirements for the protection of the confidentiality, privacy or secrecy of that information.

We will ensure that appropriate safeguards are in place and that, as necessary, the classification of information is undertaken in accordance with identified policies. We will keep the amount of your information collected by, stored on or passing through our systems to an absolute minimum and will only use information for the purpose for which it is provided.

8. Off-line issue

While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our user information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information.

Furthermore, all employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers information is protected.

Finally, the servers that we store personally identifiable information on are kept in a secure environment, behind a locked cage.

9. Policy summary

• If we decide to change our Security Policy for Diamond Tech, we will post those changes here.
   
• All services provided by Diamond Tech are subject to the above policy.
   
• Questions about this Security Policy should be sent to: info@diamondtech.com.
   

This document last revised on: October 12, 2004. 10:59:15 .