Summary
This document is a technical report detailing the security program at Poka. It outlines the organization's commitment to safeguarding data through a comprehensive security framework that aligns with industry standards such as ISO 27000 and NIST 800-53. The report describes various aspects of security, including personnel practices, vendor management, data encryption, and infrastructure security. It explains how Poka ensures data protection through advanced encryption standards for data at rest and in transit, as well as secure key management. The document also covers internal controls for access management, incident response strategies, and disaster recovery plans. Additionally, it highlights the company's annual SOC 2 Type II audit process to maintain compliance with the AICPA Trust Services Criteria and GDPR requirements. The report emphasizes the importance of continuous evaluation and adaptation of security measures to address evolving threats.
