Security

Protecting Your Data and Our Platform

Our Security Commitment

At Certean, security is fundamental to everything we do. We understand that you trust us with sensitive compliance data, and we take that responsibility seriously. Our comprehensive security program is designed to protect your information, maintain service availability, and ensure the integrity of our platform.

Data Protection and Encryption

Encryption in Transit

All data transmitted between your devices and our servers is protected using industry-standard TLS (Transport Layer Security) encryption. This ensures that your data cannot be read or tampered with by unauthorized parties while in transit.

Encryption at Rest

Your data is encrypted when stored in our databases and file systems using AES-256 encryption, one of the strongest encryption standards available. Encryption keys are managed securely and rotated regularly.

Database Security

Our databases are protected with multiple layers of security, including network isolation, access controls, encryption, and regular security updates. Database access is strictly limited to authorized personnel and systems.

Infrastructure Security

Cloud Security

Our infrastructure is hosted on leading cloud platforms that maintain SOC 2 Type II, ISO 27001, and other security certifications. We leverage their enterprise-grade security controls while implementing additional layers of protection.

Network Security

  • Firewalls and intrusion detection systems
  • DDoS protection and traffic filtering
  • Virtual private networks (VPNs) for internal access
  • Network segmentation and isolation
  • Regular security monitoring and incident response

Server Hardening

All servers are hardened according to security best practices, including disabling unnecessary services, implementing strong access controls, and maintaining up-to-date security patches.

Access Controls and Authentication

Multi-Factor Authentication (MFA)

We strongly recommend and support multi-factor authentication for all user accounts. MFA adds an extra layer of security by requiring additional verification beyond just a password.

Role-Based Access Control (RBAC)

Our platform implements granular role-based access controls, ensuring users only have access to the data and functionality they need for their role. Permissions are regularly reviewed and updated.

Single Sign-On (SSO)

We support integration with popular SSO providers, allowing you to manage user access through your existing identity management systems while maintaining security standards.

Application Security

Secure Development Lifecycle

Security is integrated into our development process from the beginning. We follow secure coding practices, conduct code reviews, and perform security testing throughout the development lifecycle.

Vulnerability Management

  • Regular security assessments and penetration testing
  • Automated vulnerability scanning
  • Dependency monitoring and updates
  • Bug bounty program for responsible disclosure
  • Rapid response to security issues

Input Validation and Sanitization

All user inputs are validated and sanitized to prevent common attacks such as SQL injection, cross-site scripting (XSS), and other injection attacks.

Monitoring and Incident Response

24/7 Monitoring

Our systems are monitored around the clock for security threats, performance issues, and anomalous behavior. Automated alerts ensure rapid response to potential security incidents.

Incident Response Plan

We maintain a comprehensive incident response plan that includes:

  • Immediate threat containment and mitigation
  • Forensic analysis and impact assessment
  • Communication with affected customers
  • Regulatory notification when required
  • Post-incident review and improvements

Logging and Auditing

Comprehensive logging is implemented across all systems, providing detailed audit trails for security investigations and compliance requirements. Logs are securely stored and regularly analyzed.

Compliance and Certifications

Industry Standards

Our security practices align with industry-recognized standards and frameworks:

  • ISO 27001 Information Security Management
  • SOC 2 Type II Security Controls
  • NIST Cybersecurity Framework
  • OWASP Security Guidelines
  • GDPR and other privacy regulations

Regular Audits

We undergo regular third-party security audits and assessments to validate our security controls and identify areas for improvement. Audit reports are available to enterprise customers upon request.

Employee Security

Background Checks

All employees with access to customer data undergo background checks appropriate to their role and level of access. This includes verification of identity, employment history, and criminal background where legally permitted.

Security Training

Regular security awareness training ensures our team understands current threats and follows security best practices. Training covers topics such as:

  • Phishing and social engineering awareness
  • Data handling and privacy requirements
  • Secure coding practices
  • Incident reporting procedures

Access Management

Employee access to systems and data is granted on a need-to-know basis and regularly reviewed. Access is promptly revoked when employees leave the company or change roles.

Business Continuity and Disaster Recovery

Data Backup and Recovery

Your data is automatically backed up across multiple geographic locations with the ability to restore quickly in case of system failures or disasters.

High Availability

Our infrastructure is designed for high availability with redundant systems, load balancing, and automatic failover capabilities to minimize service disruptions.

Disaster Recovery Plan

We maintain a comprehensive disaster recovery plan that is regularly tested to ensure we can quickly restore services and data in the event of a major incident.

Your Role in Security

Security is a shared responsibility. Here's how you can help protect your data:

  • Use strong, unique passwords for your account
  • Enable multi-factor authentication
  • Keep your devices and software updated
  • Be cautious of phishing attempts and suspicious emails
  • Report any security concerns promptly
  • Follow your organization's security policies
  • Regularly review user access and permissions

Security Contact

If you have security concerns or need to report a security issue, please contact us:

Security Team: info@certean.com

Emergency Security Issues: info@certean.com

General Contact: Contact Form

For sensitive security matters, please use our PGP key available on our contact page.