Sofecta Labs | Trust Center
Sofecta Labs is committed to ensuring the confidentiality, integrity, and availability of our customer data. Here is how we protect information and comply with industry standards and regulations.

Monitoring

Continuously monitored by Secureframe

Monitoring

Network Security

Network Security Policy
A Network Security Policy identifies the requirements for protecting information and systems within and across networks.

Risk Assessment

Risk Register
A risk register is maintained, which records the risk mitigation strategies for identified risks, and the development or modification of controls consistent with the risk mitigation strategy.
Risk Assessment
Formal risk assessments are performed, which include the identification of relevant internal and external threats related to security, availability, confidentiality, and fraud, and an analysis of risks associated with those threats.

Communications

Privacy Policy
A Privacy Policy is made available to both external users and internal personnel. This policy details the company's privacy commitments.

Access Security

Unique Access IDs
Personnel are assigned unique IDs to access sensitive systems, networks, and information.
Encryption-in-Transit
Service data transmitted over the internet is encrypted-in-transit.
Access to Product is Restricted
Non-console access to production infrastructure is restricted to users with a unique SSH key or access key.

Incident Response

Incident Response Plan
An Incident Response Plan outlines the process of identifying, prioritizing, communicating, assigning and tracking confirmed incidents through to resolution.
Lessons Learned
After any identified security incident has been resolved, management provides a "Lessons Learned" document to the team in order to continually improve security and operations.

Change Management

Secure Development Policy
A Secure Development Policy defines the requirements for secure software and system development and maintenance.
Production Data Use is Restricted
Production data is not used in the development and testing environments, unless required for debugging customer issues.

Organizational Management

Roles and Responsibilities
Information security roles and responsibilities are outlined for personnel responsible for the security, availability, and confidentiality of the system.
Background Checks
Background checks or their equivalent are performed before or promptly after a new hire's start date, as permitted by local laws.
Information Security Policy
An Information Security Policy establishes the security requirements for maintaining the security, confidentiality, integrity, and availability of applications, systems, infrastructure, and data.
Information Security Program Review
Management is responsible for the design, implementation, and management of the organization’s security policies and procedures. The policies and procedures are reviewed by management at least annually.