Information is categorized based on sensitivity and business impact. Handling controls are applied accordingly.
External communications involving sensitive data are protected using HTTPS/TLS.
Stored data is protected using encryption at rest provided by hosting and vendor infrastructure where supported.