TaskFord Security Policy

Effective Date: Mar 20, 2026

1. Purpose, Scope, and Organization

1.1 Purpose. This Security Policy defines TaskFord’s security standards, processes, and governance controls to ensure a secure and reliable cloud service. It applies to all TaskFord employees, contractors, consultants, and third-party service providers.

1.2 Scope. This policy covers:

  • Protection of customer data stored, processed, or transmitted within TaskFord’s Cloud Services.
  • Security of systems and infrastructure, including cloud environments and internal corporate systems.
  • Compliance with data protection regulations such as APPI (Japan), SOC 2, and GDPR (security best practices only).
  • Employee security training and awareness.

1.3 Governance & Evolution. This policy is reviewed annually to address evolving security threats and regulatory changes. TaskFord’s security team is responsible for overseeing security implementation, maintenance, and enforcement.


2. Security Program

TaskFord maintains a comprehensive Security Program designed to protect the confidentiality, integrity, and availability of customer data, systems, and services.

2.1 Security Team & Responsibilities. TaskFord’s dedicated Security Team is responsible for: (i) Implementing and maintaining security measures across cloud, applications, and corporate infrastructure, (ii) Conducting internal security audits and risk assessments to ensure compliance, (iii) Managing identity and access controls to enforce least privilege access, (iv) Responding to security incidents, vulnerabilities, and emerging threats, (v) Educating employees through mandatory security training and awareness programs, (vi) Reviewing security policies annually and updating them to address emerging risks and industry standards.

2.2 Security Framework. Our security framework aligns with SOC 2 (Certified) and GDPR (Compliant). We maintain a structured approach to security across the following areas: Risk management & compliance, Security incident detection & response, Access control & identity management, Vulnerability management & penetration testing, Business continuity & disaster recovery, Employee security training & awareness, and Vendor security & third-party risk management.

2.3 Security Organization. TaskFord’s dedicated Security Team oversees the implementation, monitoring, and enforcement of security measures. Responsibilities include: (i) Regular risk assessments and security audits, (ii) Continuous monitoring for threats and vulnerabilities, (iii) Incident response and remediation of security risks, (iv) Ensuring compliance with regulatory and contractual security obligations.


3. Security Assessments, Certifications, and Attestations

3.1 Security Program Monitoring. TaskFord regularly assesses its security program effectiveness through: Continuous Security Monitoring, Internal Audits, Annual Third-Party Security Audits, and Penetration Testing.

3.2 Certifications & Compliance. TaskFord follows SOC 2 and GDPR best practices. Our compliance efforts focus on maintaining strong standards for security, availability, confidentiality, and the lawful processing and protection of customer data.

3.3 Penetration Testing & Vulnerability Management. Annual penetration tests are conducted by independent security firms. TaskFord maintains a bug bounty program where security researchers can report vulnerabilities for review. Critical vulnerabilities are addressed within 30 days, high-risk vulnerabilities within 60 days, and medium or low-risk issues as part of routine security updates.

3.4 Security Artifacts & Customer Requests. TaskFord provides security documentation to customers upon request, including the SOC 2 Type 2 Report, security assessment summaries, and the Data Protection Addendum (DPA).

3.5 Customer Audits. Customers may request remote security audits, subject to a 30-day advance notice, a pre-agreed audit scope, and minimal disruption to TaskFord operations.


4. Security Incident Management

4.1 Security Monitoring. TaskFord continuously monitors systems, applications, and network activity to detect unauthorized access attempts, anomalous behavior or attack patterns, and malware or security threats.

4.2 Incident Response. TaskFord maintains a Security Incident Response Plan, reviewed and tested annually. The response plan includes threat detection and analysis, incident containment and mitigation, remediation and recovery processes, and post-incident reviews for continuous improvement.

4.3 Incident Notification. If a data breach occurs, TaskFord will notify affected customers within 72 hours as required by GDPR and provide an incident impact analysis and remediation plan.


5. Security Controls

5.1 Access Control. Role-based access control (RBAC) ensures users only have necessary permissions. Multi-factor authentication (MFA) is required for administrative access. Access is revoked within one business day after employee termination.

5.2 Encryption. Encryption key management follows NIST recommendations and APPI security guidelines.

5.3 Availability & Disaster Recovery. Automated daily backups ensure data recovery. Geo-redundant infrastructure protects against data center failures. Annual disaster recovery testing validates recovery plans.

5.4 Device Security. Company-managed devices must have hard drive encryption enabled. Antivirus and endpoint protection software are required on all systems. Mobile Device Management (MDM) enforces remote security control.

5.5 Physical Security. Data centers meet SOC 2 Type 2. Strict access controls are enforced for office and data center environments.

5.6 Vendor & Third-Party Security. Third-party security assessments are conducted annually. All vendors handling customer data must comply with TaskFord’s security policies.


6. Employee Security Training & Background Checks

6.1 Security Awareness Training. Mandatory security training is required upon hiring and annually. Phishing awareness simulations reduce social engineering risks.

6.2 Background Checks. Pre-employment background screening is required for employees with data access roles. Compliance with regional legal requirements for personnel security is maintained.


7. Updates to Security Policy

TaskFord regularly updates its Security Policy to adapt to evolving threats, best practices, and compliance requirements. Customers will be notified of major security policy changes, ensuring transparency and continued protection of customer data.

For security inquiries, contact support@taskford.com.