Commitment to Security
October 25, 2022
Security Program Overview
SOOS uses robust security policies and employee training, as well as technical controls (such as vulnerability scanning, boundary protections, RBAC, and multifactor authentication) to create a layered approach to security.
SOOS encrypts all client data at rest and in transit, performs regular backups on all client data, and enforces data retention and data deletion policies.
SOOS utilizes its proprietary SCA tool, DAST tool (based on OWASP ZAP), Azure Security Center, and third-party penetration tests to ensure its safety and security at all stages of the development process. All code is peer reviewed, committed to multiple environments, and validated with automated and manual tests by a trained QA staff before being released to production.
SOOS uses Azure to host its proprietary application. We make full use of Microsoft’s security products embedded within Azure to assess, secure, and defend our infrastructure. SOOS also uses Cloudflare to provide CDN, boundary protection, WAF, IPS and IDS.
Rapid Response Plans
SOOS has incident response, disaster recovery, and business continuity plans that are tested regularly.