# Product Security ### Data Access and Auditing A full Information Security Policy governs data access and management practices in every area of our company. Our software development life cycle is subject to a formal Change Control Policy. Every change to the system is captured in an auditable, reversible trail. Review for accuracy, security, and appropriateness of software and system configuration changes is required on every change. We use a combination of manual and automatic systems to perform these reviews. Changes are prevented by systems when the change control process is not followed. All-access to our systems is logged and monitored using NTT Data EMEAL corporate SIEM. Access permissions and appropriateness are periodically reviewed. ### Profile-Based Access Control Eva lets you set granular access controls to grant and restrict capabilities based on specific profiles and authorities. For more information, go to the following page: {% embed url="" %} ### Self-Serve User Management Eva offers self-serve user management based on an internal IAM for adding, removing, and managing users. Administrators user can create, update and delete users in their eva environments. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.conversational-ai.syntphony.com/user-guide/security-and-compliance/product-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.