# Best practices

We take a comprehensive approach to safeguarding your data and ensuring the reliability of our systems. Here's an overview of the best practices we follow to keep your information protected:

## National Institute of Standards and Technology (NIST) Cybersecurity Framework

We adhere to the NIST Cybersecurity Framework, a robust set of guidelines developed by the U.S. government. This framework provides a structured approach to identify, protect, detect, respond to, and recover from cybersecurity threats. By following these guidelines, we ensure our security practices are aligned with recognized industry standards.

## OWASP

The Open Web Application Security Project (OWASP) Top 10 is a well-established list of the most critical web application security risks. We actively address these risks by implementing security measures that mitigate common attack vectors such as injection attacks, broken authentication, and insecure direct object references.

## Code static analysis

We incorporate static code analysis tools, such as SonarQube, into our development process. These tools scan our codebase for potential security flaws, coding errors, and vulnerabilities before the code is deployed. This proactive approach helps us identify and fix issues early, preventing them from reaching production environments.

## Disaster recovery event

We have a comprehensive disaster recovery plan to ensure business continuity in the event of an unforeseen incident. This plan outlines procedures for data restoration, system recovery, and minimizing downtime. We regularly test and update this plan to guarantee its effectiveness in a real-world scenario.

## Pen test

We engage in annual penetration testing, where ethical hackers simulate real-world attacks to identify weaknesses in our systems and applications. This proactive approach helps us discover and address vulnerabilities before malicious actors can exploit them.

## Security review

{% hint style="info" %}
See [our dedicated page](/25.2/it-and-security/security/security-updates.md) for details on security updates.
{% endhint %}

Our security posture is continuously evaluated through internal security reviews. These reviews thoroughly examine our security controls, policies, and procedures to ensure their effectiveness. Additionally, we may engage external security auditors to provide an independent assessment of our security practices.


