This document describes our efforts to ensure high security standards for the services we offerSecurity encompasses numerous facets. On this and subsequent pages, we aim to provide essential information to enhance your understanding of our security strategy.
Physical Access
All our services are hosted in AWS. Their data centers are at least SOC-2 compliant and providing a wide range of industry-specific compliance certifications. These certifications address a range of security controls including physical and environmental security and protection. Access to the data centres is limited to authorized personnel, and verified by biometric identity verification measures. Physical security measures include on-premises security guards, closed circuit video monitoring, man traps, and additional intrusion protection measures.
Learn more about digital access of our employees here.
Architecture
On a physical level, the infrastructure is separated into a public network for static files and the load balancer and a private network for the servers and the database. This limits the attack vectors to our infrastructure.
...
We use Azure DevOps CI for deployments and releases.
All code changes have been reviewed and approved by 4-eyes principle.
Access to customer data
All access is restricted to privileged groups of yasoon employees unless requested and reviewed, with additional authentication requiring 2FA. All accounts are connected and managed by our central AzureAD using SSO.
Single Sign-On
tbd
Data Center
tbd
Security Testing
See Marketplace Security Bug Bounty Program
...