1. Handling Sensitive Data
TRaViS processes sensitive data such as exposed credentials, breach data, DAST, and SAST findings. Follow these guidelines:
- Data Classification: Treat darknet intelligence and AST results as confidential. Avoid storing sensitive data locally; rely on TRaViS’s secure cloud storage.
- Access Control: Limit access to authorized users via role-based access control (RBAC) settings in the admin panel (e.g., Viewer, Editor, Admin).
- Encryption: Ensure all data in transit and at rest is encrypted (TRaViS uses industry-standard encryption; verify with support).
- Retention: Retain exported data only as long as required by compliance policies (e.g., GDPR’s 30-day limit for personal data).
2. Data Sharing
- Share sensitive data only with authorized personnel or third parties under a non-disclosure agreement (NDA).
- Use TRaViS’s export tools (CSV, PDF) to share anonymized or aggregated data for compliance reporting.
Best Practices
- Regularly review access logs via the admin portal to detect unauthorized access.
- Train users on data handling policies to prevent accidental disclosures.
