Adaface is the best technical screening platform that is secure and enterprise-ready. Along with secure and reliable technology and infrastructure, we also have set-processes that continuously assess our product for any vulnerabilities. We believe security and compliance is a long-term promise that can only be achieved with diligent processes. We are committed to providing with you a safe and secure application that will always win your trust. This document highlights a few of our approaches to security in Adaface.
Adaface is GDPR compliant. You can read more about our approach to GDPR here.
Data storage, backups, and recovery
Adaface uses a multi-tenant architecture that offers comprehensive protection, including end-to-end data encryption to mitigate the risk of data exfiltration and ensure the integrity of sensitive information. We also have set policies and process controls that protect your most critical and sensitive data.
Regarding backups, we ensure that critical systems and data are properly backed up in intervals of few hours. We provide provisions for our clients to request changes to backup cycles.
In the case of critical events, we have proven recovery mechanisms to restore data to a previous state. We also offer this as an on-demand request for our customers through our support channels.
Controlled Access Based on the Need to Know.
Adaface tracks and logs all actions that change our clients' data. This data is made available to our clients through various mechanisms. In case of an unwanted action, we use our tracing and logging mechanisms to find the error.
We provide our clients with the ability to assign different roles and permissions to their users so that any form of change to client state coming from internal users would be permissioned accordingly.
Vulnerability assessments and critical security controls
We continuously acquire, assess and take action on new information (e.g., software updates, patches, security advisories, and threat bulletins) to identify and remediate vulnerabilities attackers could otherwise use to penetrate their networks. This is one of the core parts of our software development lifecycle and its part of our periodic checks to ensure all software and frameworks we use are up to date and secure.
Controlled Use of Administrative Privileges
We use automated tools to monitor user behavior and keep track of how administrative privileges are assigned and used to prevent unauthorized access to critical systems. By default, only our clients and their success managers have access to our client systems. We provide temporary access to our support team to be able to serve customer support requests. All of our support team is properly trained in security and compliance policies regarding our clients' data.
We collect, manage and analyze event logs to detect anomalous incidents and investigate them. Any form of aberrant events is notified to our clients in accordance with our compliance policies. It is also one of our core software development policies to prioritize analysis and future-proofing our software from future occurrences of such events.
Secure Software Development Practices
We follow a thorough and secure SDL at Adaface. You can read more about it here.
All of our infrastructures are maintained on secure platforms. We use automated tools to continuously monitor our servers with anti-virus, personal firewalls, and host-based IPS.
Incident Response and Management
We have set up proper incident response mechanisms that involve training and management oversight to help us discover attacks and contain the damage effectively. We follow GDPR compliant response systems in such scenarios.
A Pragmatic Approach
We continuously evaluate our software and systems to ensure all critical security controls are in place. This involves
- Perform risk assessment and think through potential attacks against our systems
- Prioritize product/ technical features belonging to critical security controls
- Stay updated with industry-standard security controls and develop a plan for adopting the new standards