Security at
The Security and Privacy teams develop policies and controls, monitor compliance, and assess them through third-party audits.
Security controls are regularly monitored and updated to handle new threats, vulnerabilities, and changing business needs.
Access should be granted only to those with a valid business need and based on the principle of least privilege.
Consistent security controls provide uniform protection, reduce risk, improve compliance, and boot incident response.
Ensuring personal information is collected, stored, and used according to privacy laws and only for intended purposes.
Data Protection
Data at Rest
Any customer data is
encrypted at rest. Encrypting
data at rest ensures that this stored information is protected from unauthorized access.
Employee hard drives are encrypted to guarantee the protection of data.
encrypted at rest. Encrypting
data at rest ensures that this stored information is protected from unauthorized access.
Employee hard drives are encrypted to guarantee the protection of data.
Configurations Secrets
Secrets and encryption keys
are securely stored in AWS
or GCP. These secrets are
accessed by the application
and the necessary team
members.
are securely stored in AWS
or GCP. These secrets are
accessed by the application
and the necessary team
members.
Data in Transit
We use SSL/TLS 1.2 or higher
to encrypt the transferred
data. This encryption protocol
protects sensitive information, such as login credentials and personal data. These certificates are managed by AWS or GCP.
to encrypt the transferred
data. This encryption protocol
protects sensitive information, such as login credentials and personal data. These certificates are managed by AWS or GCP.
Organization Security
Device Management
Machines are managed by an MDM and anti-malware protection. Devices are monitored to ensure security practices like hard drive encryption are always enabled.
Security Education
Employees are trained annually on cyber security best practices. Throughout the year employees are informed of relevant security risks/alerts to ensure awareness of the topic.
Access Management
S44 integrates Microsoft Entra for the majority of our systems. Access is given upon request and with manager approval. In the event of a termination, we have the appropriate procedures to ensure access is revoked.