Controls
Updated Jul 8, 2026
Product Security
- Secure Software Development Lifecycle established
- Penetration Testing conducted
- Change Management procedures enforced
- Vulnerability scanning procedures established
- Secure product architecture defined
- Production environment segregation enforced
- Intrusion Detection systems utilized
Access Management
- Role Based Access Control (RBAC) established
- Multi Factor Authentication implemented
- User Access Reviews conducted
- Password policy enforced
- Restricted production access maintained
- Privilege access restricted
- Access control policies and procedures defined
- Production database access restricted
- Access request and approval process defined
Security and Continuity Procedures
- Business Continuity and Disaster Recovery plans established
- Continuity and Disaster Recovery plans tested
- Incident Response plan tested
- Data backups and restoration procedures tested
- Production multi-availability zones utilized
- Production monitoring implemented
- Audit logging established
Data Security
- Encryption at rest implemented
- Encryption in transit implemented
- Encryption key management process established
- Network and firewall access restricted
Organization Security
- Risk Assessment and treatment established
- Vendor Risk Management established
- Asset Management maintained
- Security Awareness Training implemented
- Secure Development LifeCycle (SDLC) Training implemented
- Defined roles and responsibilities established
- Service Level Agreement established
- Candidates screening checks
- Confidentiality agreement acknowledged by employees
Endpoint Security
- Endpoint Detection and Response established
- Disk encryption enforced
- Threat and Malware protection enforced
- Endpoint Management policies established