1. Purpose & Scope

At UpFlight, we are committed to protecting the confidentiality, integrity, availability, and resilience of your data — whether you're using our website, platform, or services. This Security Policy explains our technical and organizational safeguards, aligned with recognized industry standards, such as ISO/IEC 27001, to ensure robust data protection.

2. Governance & Responsibilities

• We maintain formal, documented information security policies and procedures, reviewed annually to align with industry best practices.

• A designated Information Security Officer oversees the implementation, enforcement, and monitoring of these measures.

• All employees and contractors with access to your data are bound by strict confidentiality obligations and are assigned clear security-related roles and responsibilities. amadeus-hospitality.com

3. Risk Management & Human Resources Security

• A comprehensive risk management process is in place to identify, assess, and mitigate security risks throughout our operations.

• We conduct appropriate pre-employment screening, and provide ongoing security awareness training for all staff. Access rights are promptly revoked when personnel leave or change roles. amadeus-hospitality.com

4. Asset & Access Management

• We maintain an asset inventory and classify data to ensure access is granted strictly on a need-to-know basis.

• Robust access controls ensure every individual has a unique identity and the minimum privileges required for their role.

• Authentication and password policies adhere to industry standards to ensure secure access.

• Network segmentation and application-level controls help prevent unauthorized access to sensitive data. amadeus-hospitality.com

5. Physical & Environmental Security

• Physical access to our facilities and systems is restricted to authorized personnel only.

• Proper controls oversee all media movements (e.g., storage devices), with audit logs maintained for incoming and outgoing data.

• Measures are in place to protect against environmental threats (like power failures), and data disposal follows best practices to ensure secure deletion. amadeus-hospitality.com

6. Operational Security & Communications

• We separate development, testing, and production environments to minimize risk exposure.

• Our operations are governed by formal procedures, including documented guidelines for incident management and operational responsibility.

• Business continuity and disaster recovery plans ensure rapid data recovery and service availability in case of incidents.

• Malware defenses, encryption (for data at rest and in transit), and vulnerability management programs are actively maintained.

• Access logs are captured and monitored to trace system and data access. amadeus-hospitality.com

7. Third-Party Supplier Oversight

• We only engage vendors that commit to meeting or exceeding our security standards, and we conduct regular due diligence and oversight. amadeus-hospitality.com

8. Incident Response & Business Continuity

• We maintain a formal security incident response plan, regularly tested to ensure readiness.

• In the event of a security incident, we act promptly to contain, investigate, and remediate any threats, while notifying affected parties as appropriate.

• Business continuity processes are regularly reviewed to ensure organizational resilience. amadeus-hospitality.com

9. Alignment with ISO 27001

UpFlight's security controls are designed to align with the ISO/IEC 27001 framework, ensuring a globally recognized standard of information security governance and best practices. amadeus-hospitality.com

10. Updates to This Policy

This policy may be updated periodically to reflect advancements in security measures, regulatory changes, or operational improvements. All updates will include an updated effective date.