...

The Security Principle consists of seven categories:

Organization and Management: How is PreVeil structured as a company? How does the company oversee the services performed?

Communication: How does PreVeil communicate with our internal and external users about how the system works? How do we communicate policies, procedures, and expectations to authorized users and other parties?

Risk Assessment & Risk Management: How is PreVeil implementing controls to manage known risks? How do we select the controls that are put in place to meet the criteria?

Monitoring: Once a control is put in place, how is PreVeil monitoring it to know that it is operating effectively and appropriately addressing the risk? Do any changes or remediations need to be made?

Physical & Logical Access: How do we control access to sensitive data and systems within our organization?

System Operations: How does PreVeil manage day-to-day processes and procedures? This includes what PreVeil does on a daily, weekly, and monthly basis to provide our services.

Change Management: When PreVeil has to make changes to our system or services, how are these changes documented? How does PreVeil test those changes and address any new risks that may be associated with these changes? How are the changes approved prior to being made?

...