Security & Encryption
Overview
At OCFR Gemba, we take the security of information seriously. We implement appropriate administrative, technical, and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction.
1. Data Security Principles
Our security program is based on the following principles:
- Confidentiality of information
- Integrity of data
- Availability of systems and services
- Risk-based security controls
- Continuous monitoring and improvement
2. Encryption in Transit
We use industry-standard encryption to protect data transmitted between your browser and our website:
- Secure communication via HTTPS (TLS encryption)
- Protection against interception and man-in-the-middle attacks
- Encrypted data exchange for web forms and interactions
3. Encryption at Rest
Where applicable, stored data is protected using encryption or equivalent security controls, including:
- Encrypted storage for sensitive data
- Access controls and authentication mechanisms
- Segregation of data based on sensitivity
Encryption at rest is applied based on the nature and sensitivity of the data.
4. Access Controls
Access to systems and data is restricted and controlled through:
- Role-based access permissions
- Strong authentication requirements
- Principle of least privilege
- Periodic access reviews
Only authorized personnel are permitted to access protected information.
5. Infrastructure & Hosting Security
Our infrastructure security measures include:
- Secure hosting environments
- Network firewalls and monitoring
- Regular system updates and patch management
- Logging and audit mechanisms
6. Monitoring & Incident Response
We maintain procedures to detect, respond to, and recover from security incidents:
- Continuous monitoring for suspicious activity
- Incident response and escalation processes
- Assessment and mitigation of identified risks
In the event of a data security incident, we follow applicable legal and regulatory notification requirements.
7. Third-Party Security
When working with third-party service providers:
- Vendors are assessed for security practices
- Data processing agreements are used where required
- Access is limited to what is necessary for service delivery
8. Data Minimization & Retention
We apply data protection best practices by:
- Collecting only necessary information
- Retaining data only for legitimate business or legal purposes
- Securely deleting or anonymizing data when no longer required
9. Compliance & Standards
Our security practices align with applicable data protection and security requirements, including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA/CPRA)
- Industry-recognized security best practices
This page is informational and does not constitute a certification or guarantee of security.
10. User Responsibilities
Users are encouraged to:
- Use secure devices and networks
- Protect login credentials (if applicable)
- Notify us of any suspected security issues
11. Updates to This Page
We may update this Security & Encryption page to reflect improvements or changes to our security practices. Updates will be posted on this page with a revised date.
12. Contact Information
For security-related inquiries or to report concerns:
OCFR–Gemba™
- Website: https://ocfr-gemba.com
- Email: jeffrey@ocfr-gemba