F13.1.1 Encryption Standards
AES-256 encryption for data at rest.
TLS/SSL for data in transit.
F13.1.2 Secure Backups
Encrypted, automated backups for disaster recovery.
Periodic deletion of old backups as per retention policies.
F13.1.3 Authentication Controls
Multi-factor authentication (MFA) for login.
Session timeout and auto-lock features.
F13.2 Regulatory Compliance
F13.2.1 Consent Management
Explicit user consent for data collection.
Ability to revoke consent easily.
F13.2.2 Region-Specific Compliance
GDPR for Europe.
HIPAA for the U.S. healthcare industry.
CCPA for California-based users.
F13.3 User Data Management
F13.3.1 Activity Logs
Track user actions like logins and data exports.
F13.3.2 Data Sharing Permissions
Manage who can access shared reports or data.
F13.3.3 Data Retention Policies
Allow users to specify retention timelines.
F13.1 Secure Data Storage
F13.1.1 Encryption Standards AES-256 encryption for data at rest. TLS/SSL for data in transit. F13.1.2 Secure Backups Encrypted, automated backups for disaster recovery. Periodic deletion of old backups as per retention policies. F13.1.3 Authentication Controls Multi-factor authentication (MFA) for login. Session timeout and auto-lock features.
F13.2 Regulatory Compliance
F13.2.1 Consent Management Explicit user consent for data collection. Ability to revoke consent easily. F13.2.2 Region-Specific Compliance GDPR for Europe. HIPAA for the U.S. healthcare industry. CCPA for California-based users.
F13.3 User Data Management
F13.3.1 Activity Logs Track user actions like logins and data exports. F13.3.2 Data Sharing Permissions Manage who can access shared reports or data. F13.3.3 Data Retention Policies Allow users to specify retention timelines.