Security Policy

Security

At Stack Identity, we are committed to maintaining the highest standards of security and privacy for our systems, networks, data, and applications. Our security measures are designed to protect our customers’ data and our own systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Operational Security:

Stack Identity’s platform is hosted in Amazon Web Services which provides state of the art security measures at the infrastructure level. On top of that, we take additional measures to improve security.

  • Systems and Network Security:

    • We have implemented and maintain firewalls and other security technologies to protect our networks and systems from unauthorized access.
    • We regularly monitor our networks and systems for any suspicious activity and take appropriate action to address any security incidents.
    • We have implemented secure protocols for remote access and require multi-factor authentication for all remote access.
    • We have implemented strict controls on the use of administrator-level access and regularly audit access logs.
    • We conduct regular vulnerability scans and penetration testing to identify and address any potential vulnerabilities in our systems and networks.
    • We are regularly updating our systems and software with the latest security patches and upgrades.
  • Physical Security:

    • We have implemented strict controls on access to our facilities and data centers, including the use of security cameras, alarms, and security personnel.
  • Personnel Security:

    • We conduct background checks on all staff members. All staff members are bound by written confidentiality obligations which survive even after they cease to be associated with Stack Identity.
    • We have implemented strict controls on the handling of sensitive data and access to systems and networks.
    • We have implemented strict controls on the handling of sensitive information by third-party vendors and partners.
  • Device Security:

    • We have implemented endpoint protection software on all endpoints, which includes antivirus, anti-malware, and firewall protection.
    • We use encryption to protect data stored on the endpoints.
  • Incident Response:

    • We have implemented an incident management process, including incident detection, response and reporting.
    • We have an incident response plan that outlines the procedures to be followed in the event of a security incident.
    • We have an incident response team that is responsible for coordinating the response to a security incident.
    • We conduct regular incident response drills to test and improve our incident response capabilities.

Application Security:

We take great measures through our Software Development Life Cycle to ensure continuous security of Stack Identity’s platform.

  • We conduct regular security testing and code reviews of our applications.
  • We use industry-standard security libraries and frameworks.
  • We have implemented secure coding practices, including the use of input validation and output encoding.
  • We have implemented strict access controls for our applications, including the use of unique login credentials and multi-factor authentication.
  • We have implemented strict controls on the handling of sensitive data within our applications.
  • We have provided our customers with access controls, including the ability to grant and revoke access as needed.

Data Security:

  • We have implemented industry-standard encryption for data in transit and at rest.
  • We have implemented strict access controls for our data, including the use of unique login credentials and multi-factor authentication.
  • We regularly back up our data to secure off-site locations.
  • We have implemented strict controls on the handling of sensitive data, including credit card information and personal identification numbers.

Business Continuity and Disaster Recovery:

  • We have implemented a Business Continuity Plan (BCP) to ensure the continuity of our critical business processes in the event of a disruption.
  • We have implemented a Disaster Recovery Plan (DRP) to ensure the recovery of our systems and data in the event of a disaster.
  • We have identified and prioritized our critical systems, applications, and data and have developed procedures to ensure their availability.
  • We are in the process of implementing a disaster recovery site, which includes the necessary hardware, software, and data to enable recovery in the event of a disaster.
    We have implemented a process for regular testing and updating of our BCP and DRP.
  • We have established procedures for communicating with employees, customers, and other stakeholders in the event of a disruption.

Security Standards and Compliances:

We also comply with all relevant laws and regulations related to data security and privacy.

  • SOC-2 certification – we are SOC-2 certified.
  • We are in the process of obtaining HIPAA and ISO27001 compliance.

If you have any questions or concerns about our security practices, please contact us at security@3.86.181.184.