Contact Us

WEBSITE SECURITY POLICY

  • Home
  • WEBSITE SECURITY POLICY
  1. Purpose
    This policy applies to all individuals who have access to, use, manage, or otherwise interact with the SPCA’s website, including but not limited to employees, volunteers, contractors, and third-party service providers.

  2. Scope
    The purpose of the Website Security Policy is to ensure the secure operation of the SPCA’s website and protect the data collected through it, particularly in relation to online donations. The policy outlines the procedures and security controls to defend against potential cyber threats, such as DDoS attacks and phishing attempts.

  3. Secure Online Transactions
    All online transactions will be conducted over secure, encrypted connections (HTTPS/SSL). Payment processing will be conducted using secure, trusted third-party payment processors that are PCI DSS compliant. SPCA does not store credit card details on its servers.

  4. Protection Against DDoS Attacks
    Measures will be put in place to protect the website from DDoS attacks. This may include the use of website firewall services, traffic monitoring, and rate limiting.

  5. Protection Against Phishing and Other Malicious Activity
    The website will be monitored for signs of phishing and other malicious activity. SPCA’s IT team or third-party service provider will employ intrusion detection systems and perform regular scans for vulnerabilities and malware.

  6. Data Protection
    Personal data collected via the website, such as names, addresses, and other contact information, will be stored securely and processed in accordance with SPCA’s Data Privacy Policy.

  7. Access Controls
    Only authorized personnel will have administrative access to the website. Authentication will require multi-factor authentication. User access will be reviewed on a regular basis, and promptly revoked when no longer required.

  8. Software Maintenance and Patching
    The website will be kept up to date with the latest security patches and updates. Regular maintenance will be carried out to ensure all website software and plugins are current.

  9. Reporting of Security Incidents
    Any suspected or confirmed security incidents related to the website should be reported to SPCA’s Incident Response Team immediately, as outlined in the SPCA Incident Response Plan.

  10. Review
    This policy will be reviewed annually or whenever significant changes are made to the website or its surrounding infrastructure.

By using the SPCA website, all users agree to follow and abide by the terms set forth in this policy.