Security fit for enterprise teams

Employee access levels: Employees are granted access based on their role and training, with unique access identifiers for accountability. Access is revoked upon termination.

Authentication: Employees use password managers, strong passphrases, and two-factor authentication to access sensitive production data systems.

At rest and in transit: Our data is encrypted both in transit via HTTPS/TLS 1.2 or newer, and at rest with AES256.

Penetration testing: Regular testing is performed by third-party security providers to identify potential security or privacy concerns.

DevSecOps: Integration of security practices such as DAST and SAST into every aspect of our application and infrastructure deployments.

Monitoring: Proactive monitoring of networks, servers, and applications for malware and vulnerabilities, including nightly scans and endpoint virus and malware protection.

Review and evaluation: Our security team reviews vulnerabilities, categorizes threats, and prioritizes patches.

Network security: Use of Single Sign-On (SSO), Multi-Factor Authentication (MFA), Host Intrusion Detection, virus and malware protection, local firewalls, and network-level firewalls and Access Control Lists.

Company infrastructure protection: Applications and services run with monitoring tools to detect suspicious activity. Our infrastructure is hosted by SSAE 16/18 and ISO 27001-compliant providers.

Security and privacy training: All employees undergo initial and ongoing security training to ensure understanding and compliance with security practices.

Risk and assessment testing: OfficeSpace tests the effect of patches before deployment. Emergency patches may be deployed within 24 hours.

Audit, assessment, and verification: Verification of patch installation and collaboration with technology teams to confirm no adverse effects.