Best practices
We take a comprehensive approach to safeguarding your data and ensuring the reliability of our systems. Here's an overview of the best practices we follow to keep your information protected:
National Institute of Standards and Technology (NIST) Cybersecurity Framework
We adhere to the NIST Cybersecurity Framework, a robust set of guidelines developed by the U.S. government. This framework provides a structured approach to identify, protect, detect, respond to, and recover from cybersecurity threats. By following these guidelines, we ensure our security practices are aligned with recognized industry standards.
OWASP
The Open Web Application Security Project (OWASP) Top 10 is a well-established list of the most critical web application security risks. We actively address these vulnerabilities by implementing security measures that mitigate the risks associated with common attack vectors like injection attacks, broken authentication, and insecure direct object references.
Code static analysis
We incorporate code static analysis tools, such as SonarQube, into our development process. These tools scan our codebase for potential security flaws, coding errors, and vulnerabilities before the code is deployed. This proactive approach helps us identify and fix issues early on, preventing them from reaching production environments.
Disaster recovery event
We have a comprehensive disaster recovery plan to ensure business continuity in the event of an unforeseen incident. This plan outlines procedures for data restoration, system recovery, and minimizing downtime. We regularly test and update this plan to guarantee its effectiveness in a real-world scenario.
Pen test
We engage in annual penetration testing, where ethical hackers simulate real-world attacks to identify weaknesses in our systems and applications. This proactive approach helps us discover and address vulnerabilities before malicious actors can exploit them.
Security review
See our dedicated page for details on security updates.
Our security posture is continuously evaluated through internal security reviews. These reviews thoroughly examine our security controls, policies, and procedures to ensure their effectiveness. Additionally, we may engage external security auditors to provide an independent assessment of our security practices.
Last updated