澳门彩霸王黑料网

Skip to Main Content
黑料网 Logo

黑料网's Commitment to Your Security

Take a look at some of the most frequently asked questions about our security approach.

Does 黑料网 conform to a recognized ISMS (Information Security Management System) standard?

  • ISO 27001 Certification

    Yes. 黑料网 is ISO 27001 certified, highlighting our commitment to security by adhering to an international information security standard that is recognized and conformed to by some of the world鈥檚 largest commercial organizations and governments. Our information security processes for handling customer information has been audited by an objective third-party auditor, BSI, and found to be implemented and operating effectively. Equally important, it means our security measures are regularly reviewed to ensure continued compliance with the standard.

    We retain a dedicated team to manage these measures and an information security and risk manager oversees the effective delivery of all aspects of our ISMS.

 

Is 黑料网 SOC2, Type 2 Certified?

  • SOC2 Type2 Certfication

    We sure are. SOC 2, Type 2 is an internationally recognized information security standard that demonstrates a company’s ability to protect the confidentiality, integrity, and availability of their clients’ data. This certification also assures clients that 黑料网 has undergone rigorous third-party audits to ensure compliance with industry standards. Ultimately, 黑料网 clients can have confidence that their data is being protected by the highest level of security protocols and procedures and they can rest easy knowing that 黑料网 is doing everything they can to protect their business from potential security breaches or data loss.

 

Has 黑料网 achieved NIST 800-53 Security Compliance?

  • NIST Certification

    Absolutely. NIST 800-53 is a set of guidelines and best practices for information security management that is used by U.S. federal agencies and other organizations to ensure the confidentiality, integrity, and availability of sensitive information. Achieving compliance is a significant accomplishment for our company and our software, and we are proud to have met these rigorous requirements.聽 By completing the NIST 800-53 compliance requirements, our company has demonstrated our on-going commitment to security and our dedication to protecting the information of our customers.

How do you protect and isolate our customer systems & data at rest and in transit?

  • Systems and data are isolated from all other 黑料网 operational systems, end users, and developers in an isolated cloud operations hosting environment. Access is restricted to cloud operations administrators and indirectly to consultants who are working with the customer to facilitate migrations and other business driven actions only on need-to-know basis.
  • Tenants have their own isolated environments with no access to or from any other customer environment.
  • Customer data transferred in or out of the cloud operations environment to the customer is encrypted in transit with industry standard encryption protocols.
  • Systems have data encrypted at rest at the disk level with industry standard encryption.
  • Access to customer environments by cloud operations administrators occurs through a secure web portal mitigating most concerns related to the security posture of 黑料网 laptops, desktops, mobile devices, wireless, etc.
  • All Cloud Operation administrators are enabled with Multi-factor Authentication (MFA) to confirm identities.
  • Privilege authorization is managed through the PAM (Privilege Access Management) technology to ensure that access has been provided only on a Need-to-Know basis and the principle of Least privilege is being adhered to.
  • All external threats are being controlled at perimeter itself via the functionalities of Next generation firewalls.

 

Is your infrastructure SOC 2 compliant?

  • 黑料网 partners with well-known global IaaS Hyperscalers who maintain SOC 2 compliance.
  • 黑料网鈥檚 cloud operations hosting environment is both SOC 2 Type 1 compliant and SOC 2, Type 2 Certified.

 

What endpoint security do you implement for customer systems themselves?

  • We operate host based firewalls, EDR software and other protections ensuring:
    • Validated software is installed and running
    • Validated processes are running on customer systems
    • Virus & malware assessments of customer systems are current and accurate.
    • Host-based firewalls.
    • File Integrity Management
    • Host Intrusion Detection
    • Vulnerability Management
    • 黑料网 maintains auditing in place to collect/store the events from all endpoints to further enable accountability.

 

How do you track and respond to security incidents?

  • 黑料网 cloud operations maintains a 24脳7 NOC built around a SIEM solution for aggregating and correlating security events and identifying actionable security incidents.
  • 黑料网 maintains an Integrated Incident Response Plan and a dedicated SIRP (Security Incident Response Plan) which has IRPs/used cases covered thus helps in driving through the security incidents.

 

Is customer data backed up?

  • All customer data is backed up daily.

 

How is password storing and rotation managed?

  • All the customer related password storing and rotation is being managed by our PAM solution which has a secure wallet feature and enables the remote connectivity to authorized personnel without exposing the credentials in clear text.
  • Password rotation is enabled which ensures passwords are automatically changed at every 90 days.

 

How does 黑料网 stay updated about the latest threats and vulnerabilities?

  • We leverage a vulnerability management solution from a market leading vendor and maintain a regular check on all new and existing vulnerabilities.
  • We have a vulnerability management program in place to remediate any discovered vulnerabilities.
  • Additionally, our SOC service provider leverages a threat hunting program to ensure the highest level of diligence.

 

How does 黑料网 ensure confidentiality, integrity and availability (CIA) for customer data?

  • We encrypt all ingress and egress of customer data with the recommended encryption protocols.
  • We have FIM (File Integrity monitoring) functionality to observer any unauthorized modification to the production data.
  • 黑料网 maintains a network based data loss prevention platform
  • We also do have a Cloud & Container Security monitoring tool in place which also keeps up updated on our existing security posture.
  • Our CSP is a market leader and provides us with 2n+1 level of redundancy with their T4 level of data centers.

Does 黑料网 encrypt my data?

  • Yes. Both in transit, enforcing https, and at rest in the database using AES256 encryption. We also support SQL Server Transparent Data Encryption (TDE).

 

Do you review your applications for security vulnerabilities?

  • Throughout our Software Development Lifecycle (SDLC), we scan the code looking for security vulnerabilities using independent 3rd-party static and dynamic scanning tools and any significant issues are resolved prior to release.

 

Does your application support Multi-Factor Authentication?

  • We support Single Sign On (SSO), where the application delegates user authentication to the customers corporate Identity Provider. In this way, the customer directly controls who has access to the 黑料网 application using their established user authentication policies and procedures.

 

Do you use industry standards (i.e. OWASP Software Assurance Maturity Model, ISO 27034) to build in security for your Systems/Software Development Lifecycle (SDLC)?

  • 黑料网 information privacy and security governance and the SDLC process is aligned with the International Organization for Standardization (ISO) 27001 and 27002 security standards and the National Institute of Standards and Technology (NIST) Special Publications 800 Series. The 黑料网 secure SDLC program follows the guidelines set by the OWASP Framework.

 

What is the uptime SLA for your SaaS products?

  • We ensure an uptime of 99.5%.

 

How often do you release updates to the software?

  • Our SaaS products follow a CI/CD model where changes are deployed to production as soon as they have passed all of our SDLC checkpoints.
  • Our on-premise software is released on the following frequency:
    • Service Packs – every 4-6 weeks
    • Minor versions – every calendar quarter
    • Major versions every 1-2 years

Discover More Of Our Feature Set