By providing you access to all our security and privacy practices on these pages and in our Trust Center, we think you have all the information necessary to choose whether yasoon apps are a good fit for your company.

...

Does the system to purchase support setting a custom complex password policy?

In general not really applicable: we do not have our own account management. We're using Microsoft and Atlassian accounts and inherit all security settings from Atlassian/Microsoft.

...

We use Amazon RDS and DynamoDB to store our data. Both are encrypted on the file-system level with AWS KMS keys. We are using an up-to-date ORM in our code to prevent SQL injection attacks. Additionally, we validate input for consistency.

Do you utilize Data Loss Prevention (DLP) tools via any of the following data transfer methods: email, HTTP/S or portable media?

...

Yes. We run a bug bounty program on Bugcrowd to encourage security researchers to look for vulnerabilities and claim their bug bounties. We run pen tests multiple times per year.

Are you willing to share a management summary of the most recent penetration testing reports?

...

  • Staffed reception desk

  • Guards (shared by entire building)

  • Motion detectors, Alarms

  • Electronic access control (e.g., swipe cards)

...

Do you have an auditable process in place for granting and revoking physical access to office facilities? Are physical entry logs kept for at least six months?

Yes and yes.

Do you have a clear desk policy that also requires unattended equipment to be appropriately locked down e.g. Screen Lock, securing laptops with a cable etc.?

...


Do you have written job descriptions for employees with access to confidential or sensitive information?

Yes

Do you have processes in place to ensure that access to data is granted solely on a "need-to-know" basis, in accordance with the job descriptions and responsibilities of users? Do these processes also revoke access when the need no longer exists?

...

Quarterly or more often.

Does the scope of your internal assessment include the entire security and privacy program, as well as all operations, services, and systems that involve access to the customer data or systems that are used in this project?

Yes.

How often does an independent third party perform audits of your security and privacy program? (Note: this should not include penetration tests or other technical assessments; rather, it refers to security reviews of your organizational processes, procedures, and policies.)

...