AirSight.com Website Security Policy

1. Purpose

This Website Security Policy defines the controls and procedures in place to protect the AirSight.com website and its associated systems, users, and data from unauthorized access, misuse, and cyber threats. It demonstrates AirSight’s commitment to cybersecurity and provides assurance to clients, partners, and stakeholders.

2. Scope

This policy applies to:

- The AirSight.com public-facing website

- Any web applications or portals hosted under the AirSight.com domain

- Underlying hosting infrastructure, databases, and integrations

- All personnel and third parties involved in website management

3. Security Principles

AirSight.com security is governed by the following principles:

- Confidentiality: User data and client information are protected from unauthorized access.

- Integrity: Website content and backend data must not be altered maliciously or accidentally.

- Availability: The site must remain available to legitimate users with minimal downtime or disruption.

4. Authentication and Access Control

- Admin and CMS access is protected using Multi-Factor Authentication (MFA).

- Role-based access controls (RBAC) limit access to backend systems based on job function.

- All access to hosting and database environments is logged and reviewed periodically.

5. Data Protection and Privacy

- Personally Identifiable Information (PII), if collected, is transmitted using HTTPS and stored encrypted at rest.

- No sensitive client data is stored on public-facing web systems.

- AirSight complies with applicable data protection laws, including GDPR and CCPA.

6. Secure Development Practices

- All development follows secure coding guidelines (OWASP Top 10).

- Changes to the website are deployed through a version-controlled CI/CD pipeline with pre-deployment security checks.

- All third-party libraries and plugins are reviewed, updated regularly, and monitored for vulnerabilities.

7. Vulnerability Management

- AirSight.com undergoes regular vulnerability scans and annual external penetration testing.

- Identified vulnerabilities are prioritized using CVSS scores and remediated according to the following timeline:

  - Critical: within 48 hours

  - High: within 5 business days

  - Medium/Low: within 30 days

8. Logging and Monitoring

- Web traffic, login activity, and administrative actions are logged and monitored in real time.

- Anomalous behavior or intrusion attempts trigger automated alerts to the Security Operations Center (SOC).

9. DDoS and Threat Protection

- The website is protected by a Web Application Firewall (WAF) and a distributed denial-of-service (DDoS) mitigation service.

- IP reputation and rate limiting are used to detect and block malicious traffic.

10. Incident Response

- Website-related incidents are handled in accordance with AirSight’s Incident Response Plan.

- Clients and affected parties are notified promptly in the event of any breach involving their data.

11. Third-Party Services

- All third-party integrations (e.g., analytics, forms, CRM) are assessed for security risk and must comply with AirSight’s vendor risk management standards.

12. User Awareness

- Internal teams receive annual training on website security best practices, phishing, and social engineering risks.

- Public users are encouraged to report suspicious website behavior to security@airsight.com.

13. Policy Review

This policy is reviewed annually or upon any major infrastructure, threat landscape, or regulatory change.