Privacy Policy

Effective Date: 04/02/2025

Incident Response Plan

Dallowry's Incident Response Plan defines how we detect, contain, respond to, and recover from security incidents.
All incidents are to be reported to the designated incident lead within 1 hour of detection.
The process includes identification, containment, notification of affected stakeholders, resolution, and a final review.
Template notifications and documentation logs are prepared in advance. This plan is reviewed quarterly.

Vulnerability Management Policy

Dallowry monitors system integrity and performs monthly vulnerability assessments using internal tools.
All identified risks are evaluated and addressed or documented with business justification if accepted.
Patch management and resolution logs are maintained and reviewed regularly.

Risk Management Framework

Dallowry categorizes business and technical risks as Low, Medium, or High.
Each system and process is assigned a risk owner, responsible for tracking, updating, and reporting any escalations.
While no security incidents have occurred to date, Dallowry is committed to preparing for risk scenarios and documenting all relevant decisions.

Recovery & Continuity Plan

In the event of an outage or disruption, Dallowry’s recovery plan is executed to restore client access to services as quickly and securely as possible.
Critical systems are backed up daily, and quarterly test restorations are conducted.
Target Recovery Time Objective (RTO): 4 hours for critical services.
Recovery documentation is updated annually.

Public Communication/PR Plan

While Dallowry has not experienced any public incidents to date, we are prepared to create and implement a public communication strategy in the event of a breach or disruption.
Designated spokesperson(s) will be responsible for issuing updates, aligned with client communication preferences and State of Oklahoma protocols.

Access Control & Remote Access Policy

All system access is role-based and requires approval.
International support access is only granted upon request and requires an authorization form.
Access is temporary, logged, and encrypted using 256-bit AES. MFA is required for all admin accounts.

Security Awareness Policy

All Dallowry team members must complete annual security training, including secure password usage, phishing detection, and client data protection.
Training sessions are logged and updated annually to reflect evolving threats and policies.

Stakeholder Communication Plan

For any security event, Dallowry will notify internal and external stakeholders in accordance with our incident response strategy.
Communications include initial alerts, progress updates, and resolution summaries.
Stakeholder lists are maintained for each client or agency partnership.

Digital Forensics & Legal Escalation Procedure

In the event of an incident requiring forensic analysis or legal review, Dallowry will engage a qualified third-party partner.
Criteria for escalation include data exfiltration, service disruption, or breach of regulated data.
All findings are documented and submitted for internal and client review.

Contact Us:
For questions or concerns about this privacy policy, contact us at info@dallowry.com.