ATTG Technical and Organizational Measures

Last updated: 9/11/2025

1. Security Governance and Compliance

ATTG maintains a robust security governance framework to manage data throughout its lifecycle. Policies and procedures are in place and regularly reviewed to ensure they meet high standards and regulatory requirements. Key aspects include:

  • Industry Standards Alignment: The security program follows recognized frameworks, in accordance with ATTG policies. The company also adheres to relevant compliance requirements (such as PCI DSS for any payment card data) to maintain certification and protect sensitive data.
  • Continuous Evaluation: ATTG regularly tests, assesses, and evaluates the effectiveness of its security measures. Risk assessments are conducted at least annually, with new threats added to a risk register and prioritized for mitigation. The security program is reviewed by leadership for effectiveness on an annual basis. Any updates to security measures will not diminish overall security.
  • Policy Framework: A comprehensive set of security and data protection policies governs all practices. Policies are based on standards like NIST, and they are updated as needed and approved by management. All employees and contractors must comply with these policies, which cover areas such as data handling, acceptable use, and incident response.
  • Security Organization: ATTG has a dedicated security team responsible for overseeing security operations, incident response, and compliance. Any incidents or vulnerabilities are handled under documented response procedures aligned with NIST guidance.

2. Cloud Infrastructure & Physical Security

ATTG’s infrastructure is fully hosted on Google Cloud Platform (GCP), leveraging Google’s state-of-the-art data centers and security practices. Physical and environmental security measures prevent unauthorized access to the facilities where personal data is processed, including:

  • Data Center Security: GCP data centers employ multi-layered physical security controls. Safeguards include electronic key-card access, alarms, perimeter fencing, vehicle barriers, metal detectors, and biometric scanners, among other protections. The facilities are monitored 24/7 by high-resolution cameras and on-site security guards, and all access is logged and auditable. Access to the data center floor is tightly restricted – only a small number of cleared Google employees with specific roles can enter, and only through multi-factor authentication checkpoints (security badge plus biometric verification).
  • Facility Redundancy & Safety: GCP’s data centers are built with redundancy and fault tolerance to maintain availability. They feature redundant power supplies and environmental controls, backup generators, climate control, fire detection/suppression systems, and other protections to ensure continuous operations. Each critical component has both primary and alternate power sources, and backup generators can run the data center at full capacity in emergencies. These controls reduce the risk of outages and help protect hardware from environmental hazards.
  • Device Security & Sanitization: Within the cloud infrastructure, data is stored on secure, hardened servers. Google’s hardware design excludes unnecessary components to minimize vulnerabilities. All storage media used in GCP (disks, SSDs, etc.) are encrypted (full-disk encryption) and undergo strict data sanitization or destruction upon decommissioning. This ensures that no customer data can be retrieved from retired equipment.
  • Certifications and Standards: GCP maintains numerous security certifications and undergoes regular independent audits (such as ISO 27001, SOC 2, and others). By using GCP, ATTG inherits these high security standards for its underlying infrastructure. The Company continually monitors Google’s compliance updates and ensures that its use of the cloud is configured securely in line with best practices published by Google and industry bodies.

3. Identity and Access Management (IAM)

ATTG employs strict identity and access controls to prevent unauthorized use of systems and data. A Zero Trust approach is enforced organization-wide, meaning “never trust, always verify” for every access request. Key IAM measures include:

  • Centralized Authentication (SSO): All user access (employees and contractors) is managed through a centralized Identity Provider (Okta). SAML Single Sign-On (SSO) is used for all corporate applications and cloud services, enforcing a single set of strong credentials per user. This provides centralized control over authentication and the ability to instantly revoke access across all systems if needed.
  • Multi-Factor Authentication: Multi-factor authentication (MFA) is mandatory for all logins. Users must verify their identity with at least a second factor (such as Okta Verify push or hardware token) in addition to passwords. This greatly reduces the risk of account compromise.
  • Least Privilege & Role-Based Access: Each user is assigned an individual, role-based account with access permissions limited to what they require for their job (“need-to-know”). Administrative privileges are restricted to authorized personnel and segregated from normal user accounts. The principle of least privilege is enforced throughout the environment. For example, access to production data is limited to a small, vetted group of admins, and even within that group fine-grained entitlements are applied.
  • Strong Password Policies: Even with SSO, ATTG maintains strong password controls via Okta. Passwords must meet complexity and length requirements and are rotated periodically. Default and weak passwords are prohibited. All credentials are stored securely (using salted hashing/bcrypt or equivalent modern algorithms) to prevent retrieval.
  • Account Lockout & Session Management: User accounts are locked or suspended after excessive failed login attempts to mitigate brute-force attacks. Sessions automatically time out after periods of inactivity, requiring re-authentication. This helps prevent unauthorized access if a user steps away from a device. Remote access to internal tools (when necessary) requires connecting through secure channels and re-authentication (aligning with zero-trust, no inherent network trust).
  • Access Reviews: The Company performs regular access reviews and audits. Privileged access and role assignments are periodically reviewed by management to ensure they remain appropriate. Orphaned accounts or unnecessary privileges are promptly removed.

These identity controls, combined with continuous monitoring (see below), embody the Zero Trust model: no user or device is implicitly trusted without verification and authorization for each access request. 

4. System and Network Security

ATTG implements network and system-level controls to protect against unauthorized use and cyber threats, ensuring systems cannot be exploited by unauthorized persons. Measures include:

  • Endpoint Protection: All corporate endpoints (workstations, laptops) and servers have up-to-date anti-virus/anti-malware protection and host-based firewalls. The anti-malware solutions are centrally managed to ensure consistent updates and scanning. Detected threats are isolated and remediated promptly. In addition, the company utilizes extended endpoint detection and response (xDR) tools to monitor for suspicious behavior on endpoints beyond signature-based threats.
  • Device and Platform Hardening: Standard configuration baselines are applied to servers and employee devices that handle sensitive data. Unnecessary services and software are removed to reduce attack surface. Operating system and application patches are applied in a timely manner (under a vulnerability management program) to protect systems from known exploits. Configuration and patch management is centrally managed by the IT Security team, and critical patches are expedited.
  • Network Segmentation & Zero Trust Networking: ATTG’s cloud network is segmented using Virtual Private Clouds (VPCs), firewalls, and access control lists to isolate sensitive systems. There is no flat internal network – production environments are logically isolated from corporate IT resources and from development/test environments. Within production, tiered network segments and security groups restrict traffic flows (allowing only required connections). ATTG has effectively implemented a zero-trust network: even users on “internal” networks must authenticate and are only allowed to access specific resources based on policy, with continuous verification of their identity and device posture. Network-level controls prevent unauthorized access to data stores from other networks or the internet.
  • Secure Remote Access: Remote administrative access to cloud resources (if needed for support) is only done through secure methods. All administrative access channels are logged and monitored. There are no “backdoors” or unsecured remote access methods; everything funnels through authenticated and encrypted pathways.
  • Threat Detection and Prevention: Network traffic is continuously monitored for anomalies or malicious patterns. The organization employs a variety of cloud-native security solutions to protect against and mitigate threats.

All system and network security measures are continuously evaluated and upgraded as needed to address emerging threats. System and network activities are also logged (see Logging section) to allow forensic analysis and ensure accountability for any changes or access.

5. Data Encryption and Secure Data Transfer

ATTG protects personal data during storage and transmission to prevent unauthorized reading, copying, alteration, or removal. Measures include:

  • Encryption in Transit: All data in transit (between client devices and ATTG’s services, or between services internally) is encrypted using strong protocols (such as TLS with up-to-date cipher suites). Encryption in transit is enforced for all network communications involving personal data. For external data transfers, secure channels like HTTPS, SFTP, or encrypted VPN tunnels are used. Unencrypted protocols are disallowed for any data.
  • Encryption at Rest: All personal data at rest is encrypted using industry-standard algorithms. GCP automatically encrypts stored data at multiple layers by default. This applies to primary databases, file storage, backups, and any logs containing personal information. Encryption keys are managed securely using cloud key management services with strong access controls and key rotation policies.
  • Encryption Key Management: The Company utilizes a Key Management Service (KMS) to handle cryptographic keys, or equivalent hardened key management solutions. Keys are stored with strong encryption in secure modules and are rotated and backed up per policy. Access to encryption keys is limited to a very small number of security personnel and is logged/audited.
  • Pseudonymization: Where feasible, ATTG employs pseudonymization or tokenization for personal data, especially in lower environments or when full data is not required. For instance, direct identifiers are replaced with tokens in development/test systems to protect privacy.
  • Secure Transfer and No Physical Media: All data transfers between ATTG and any external parties (or between data centers/regions) use secure electronic transfer methods with encryption (e.g., secure file transfer or API calls over TLS). No physical media (USB drives, tapes, etc.) are used to transfer or ship personal data as part of processing. This eliminates the risk of loss or theft of portable media.
  • Integrity Protection: Robust checksums and secure protocols are used to maintain data integrity during transfer. Systems reject or flag any data that appears tampered with or corrupted in transit.

These controls ensure that even if data were intercepted or accessed without authorization, it would remain unintelligible and protected by strong cryptographic safeguards.

6. Monitoring and Logging (Data Entry Control)

ATTG implements extensive logging and monitoring to track access and changes to data. This helps detect misuse and provides an audit trail of “who did what, when.” Measures in this area include:

  • Comprehensive Audit Logging: Application and system activities are comprehensively logged. Key events such as authentication attempts, access to sensitive data, administrative actions, data exports, and configuration changes are recorded in audit logs. Logs capture details sufficient to trace the exact operations performed on data (data entry, modification, deletion) and by whom (user or process identity).
  • Centralized Log Management: Logs from cloud systems, applications, and network devices are aggregated in a Security Information and Event Management (SIEM). This allows correlation of events across the environment. The SIEM and cloud-native monitoring tools analyze logs for suspicious patterns or policy violations.
  • Real-time Alerting: ATTG has defined alert thresholds for potential security incidents. If anomalous or unauthorized activities are detected in the logs (e.g., multiple failed logins, access to large volumes of data, or unusual network traffic), alerts are generated. The security team is notified 24/7 to triage and respond to these alerts.
  • Log Retention and Protection: Audit logs are retained for an appropriate period to meet forensic and compliance needs (for example, 90 days online for immediate analysis and up to one year or more in secure archive). Logs are protected from tampering – stored in write-once or access-restricted systems so that administrators cannot alter audit trails. In addition, time synchronization (NTP) is applied across systems to ensure logs have consistent timestamps.
  • Regular Log Reviews: Beyond automated analysis, periodic manual reviews of privileged access logs and system logs are conducted to verify that activities are legitimate. Any discrepancies or unexplained actions are investigated under the incident response process.

Through these logging and monitoring measures, ATTG can demonstrate accountability for data modifications and rapidly identify any improper access or changes to personal data.

7. Secure Development and Change Management

ATTG follows modern development practices with security integrated into the software development lifecycle (SDLC). Changes to systems and software are controlled to prevent unauthorized alterations and to ensure security is maintained through updates. Measures include:

  • Secure Coding Practices: Developers are trained in secure coding and follow established guidelines (such as OWASP Top 10) to avoid common vulnerabilities. At least annually, engineers receive secure code training on the latest threats and defensive coding techniques (covering issues like XSS, SQL injection, CSRF, etc.). ATTG promotes privacy by design and security by design in all development efforts.
  • Code Review and Testing: All changes to applications or infrastructure are reviewed by at least one other authorized person (two-party review) to catch errors or security issues. ATTG utilizes automated testing (including security static analysis and dependency vulnerability scanning) as part of the build pipeline to detect security flaws early. For significant changes, Quality Assurance (QA) personnel test new releases before deployment.
  • Separated Development Environments: Development and testing environments are logically separated from the production environment. Real personal data is not used in lower environments; data is sanitized or synthetic data is used outside of production environments. This separation ensures that testing activities cannot impact live data and that any vulnerabilities in non-production systems do not expose production data.
  • Change Control Process: ATTG has a documented change management procedure governing changes to applications, infrastructure, and configurations. Every change is tracked via a ticketing system and requires appropriate approvals before implementation. Changes are assessed for security impact. In cloud infrastructure, configuration changes (Infrastructure as Code or via console) are logged and often automated through pipelines to minimize human error.
  • Vulnerability Scanning & Penetration Testing: ATTG employs continuous vulnerability scanning on its applications and cloud environment to identify and address vulnerabilities proactively. Containers and VMs are scanned for outdated libraries or misconfigurations. In addition, annual (or more frequent) penetration tests by independent expert firms are conducted on the ATTG applications and network. Findings from scans and pen tests are reviewed by the security team and remediated promptly according to severity.
  • Configuration and Asset Management: An accurate inventory of software and assets is maintained, including versions and patch levels. Secure baseline configurations (hardened images) are used for servers and cloud resources. Any changes to configurations (e.g., opening a new network port) follow the same change control and are assessed for necessity and risk.

By integrating security into development and change processes, ATTG ensures that systems remain resilient against threats even as they evolve. Changes cannot be deployed without proper oversight, testing, and validation of security requirements.


8. Business Continuity and Disaster Recovery (Availability Control)

ATTG maintains robust measures to ensure availability of its services and to protect against accidental or unlawful destruction or loss of data. In the event of a disaster or disruption, ATTG can restore operations and data in a timely manner. Key measures include:

  • Geographic Redundancy: All production systems and data are deployed with geographic redundancy. Critical data and workloads are replicated across multiple GCP regions and availability zones so that if one data center or region experiences an outage, services can fail over to another with minimal disruption. This multi-zone architecture ensures no single point of failure for critical applications.
  • Data Backup and Recovery: ATTG performs regular automated backups of databases and critical data stores. ATTG’s Backup Policy details the specifics of backup, testing, and recovery.
  • Business Continuity Plan: ATTG maintains a Business Continuity Plan along with a documented Disaster Recovery (DR) plan, which defines RTO/RPO* targets and procedures for various disaster scenarios (such as major cloud region outage). The DR plan includes roles and communication steps for staff during an incident, and it is updated and drilled at least annually. ATTG’s plan leverages the inherent resilience of GCP (e.g., global load balancing, multi-region failover) to meet its recovery objectives.
  • High-Availability Design: Wherever possible, the application architecture itself is designed for high availability and fault tolerance. For example, services are containerized and can be rescheduled on healthy nodes, stateless components can scale out, and redundant instances are running for critical microservices. GCP managed services (which underlie ATTG’s platform) often have built-in high availability.
  • Protective Monitoring for Availability: Systems are monitored for uptime and performance. Automated health checks and alerts notify the operations team of any downtime or anomalies in system performance. In case of incidents, on-call engineers respond 24/7 to restore service quickly. Network protections (like anti-DDoS measures) are in place to maintain availability against external attacks.

*RTO (Recovery Time Objective) and RPO (Recovery Point Objective) define the target maximum downtime and data loss window, respectively, that the company aims not to exceed during a disaster.


9. Segregation of Environments and Duties

ATTG ensures that data collected for different purposes, and activities performed by different roles, remain logically separate. This prevents accidental or unauthorized crossover of data or capabilities. Measures include:

  • Environment Segregation: Production, staging, and development environments are strictly separated, using separate GCP projects/VPCs and access controls. No customer personal data is used in non-production environments. This separation means that testing or development work cannot affect live systems or data. Each environment has its own access permissions, with only authorized personnel able to access production.
  • Data Segregation: Within multi-tenant systems, each customer’s data is logically isolated so that one customer’s data is not accessible to another. Appropriate application-level controls (such as tenant ID checks) and cloud identity isolation are used to enforce this. Internally, data is classified by sensitivity and separated accordingly (for instance, highly sensitive data may reside in additional restricted data stores or encrypted fields).
  • Segregation of Duties: No single individual has unilateral control over critical aspects of systems. Duties are divided among different roles to reduce the risk of malicious or accidental misuse. For example, developers generally do not have direct access to production data, and operational administrators cannot modify application code. Code releases require a two-party system: one individual submits changes, and a separate individual reviews and approves deployment. Likewise, infrastructure changes are deployed by different individuals than those who approve them. This segregation is enforced through role-based access and workflow policies in our tooling.
  • Emergency Access Protocol: In the event of a significant service disruption or security incident, temporary access to production systems may be granted to developers as needed to resolve the issue. Such access is authorized by management, time-limited, and fully audited to ensure accountability.
  • Access Approval Processes: Any request for elevated access (e.g., a developer requesting temporary read access to production data) goes through a documented approval process. This process ensures a second party (or manager) reviews and grants the access for a limited time if appropriate. All such access is logged (to maintain accountability).
  • Separate Administrative Contexts: Administrative accounts are separate from normal user accounts. Personnel with administrative responsibilities use dedicated credentials for admin tasks, which are not used for day-to-day work or browsing, minimizing the risk of those credentials being exposed.

By maintaining these separations, ATTG minimizes the chance that data could be improperly accessed or that changes in one domain (like testing) could impact another (like production). It also provides oversight by ensuring collaboration is required for critical operations.


10. Personnel and Third-Party (Instructional) Controls

ATTG ensures that all personnel and any third-party processors understand and adhere to the requirement that personal data is only processed as instructed by the data controller (client) and in line with contractual obligations. Key measures in this regard:

  • Employee Training and Accountability: All employees undergo security and privacy awareness training at hire and at least annually. Training covers data protection responsibilities, secure handling of personal data, phishing awareness, and the importance of following policies and customer instructions. Specialized training (e.g., secure development practices) is provided to relevant teams as noted above. Employees are required to acknowledge and agree to the company’s security policies and Code of Conduct, which emphasize confidentiality and proper data handling.
  • Background Checks and Confidentiality: The company conducts background checks on new hires in accordance with local law and role sensitivity. All staff must sign confidentiality and non-disclosure agreements. This helps ensure a trusted workforce. Only employees with a clear business need and appropriate authorization can access personal data, and they are legally and contractually bound to use it only for authorized purposes.
  • Least Privilege for Staff: Employee access to systems is provisioned on a least-privilege basis (as described in IAM above). Support and engineering staff access to customer data (if needed for troubleshooting, etc.) is tightly controlled and logged via privileged access management tools.
  • Process for Instructions: ATTG’s internal policies mandate that customer data is only processed according to the customer’s instructions as laid out in contracts and service agreements. Any employee or contractor who receives a request involving personal data must ensure it is authorized and within scope. ATTG has a Data Protection Officer or privacy team oversight to ensure compliance with such instructions.
  • Sub-processor Management: If ATTG engages any sub-processors (subcontractors) to help provide the service, it does so under strict Data Processing Agreements. All sub-processors are contractually obligated to follow equivalent technical and organizational measures and to process data only for the purposes instructed by ATTG. ATTG maintains an updated list of sub-processors and conducts due diligence on their security postures. Processors are regularly assessed and must adhere to the same standards of data protection.
  • Oversight and Audits: ATTG’s compliance team and security team maintain oversight of both internal operations and third parties. Regular audits (internal and external) are performed to ensure that policies and procedures — including those related to data processing instructions — are being followed in practice. Any violations or deviations are addressed with corrective actions.
  • Incident Response and Reporting: ATTG has an incident response plan that includes notifying customers in a timely manner of any breach involving personal data, in accordance with legal and contractual requirements. Employees are trained on incident reporting procedures (e.g., if they see something, say something). All incidents are investigated to identify root causes and improve processes.

Through these organizational measures, ATTG ensures that human factors and third-party relationships do not compromise the security of personal data. Every person or entity handling data is bound by strict obligations to maintain confidentiality and act only within authorized purposes.