Security

A great security culture is characterised by a set of values and a way of thinking that are shared by every employee. In order to bring this to life, we’ve transformed our values into concrete principles, and we seek to adhere to these principles in everything we do:

• Principle of minimal privilege
  • We only provide the bare minimum privilege for any user, role, or process needed to perform the intended objective.
• Storage restrictions
  • We keep personal information only for as long as the service is in use and we will return and delete data upon termination of a customer agreement.
• Transmission
  • We limit the disclosure of personal information to what is required to provide our service.
• Confidentiality
  • We ensure secure communication and information flow, both internally and towards customers. We use secure storage, processing and disclosure of information to ensure no data is compromised.

In line with the ISO 27034 standard for application security, we integrate security into each stage of our software development life cycle (SDLC). We conduct regular risk assessments and implement appropriate controls for identified risks, ensuring that security is an inherent part of the design and architecture of our applications. Secure coding practices are followed by our development team, which are reinforced through continual training and awareness programs. Our applications undergo rigorous security testing, including penetration testing and vulnerability assessments, before deployment. Additionally, we establish a structured incident response mechanism to manage any identified security issues post-deployment effectively.