Our Security Principles

At Smith & Carson, security compliance principles underpin our approach to delivering advanced products and services, providing clients with a seamless and secure gateway.

Secure Development

Our commitment to secure development lifecycle principles is unwavering. Each project adheres to rigorous security standards. Through comprehensive design reviews, security requirements are seamlessly integrated into every facet of development. Our team members engaged in system development undergo regular secure development training, ensuring expertise in coding languages and relevant practices. In line with OWASP Top 10 recommendations, our software development prioritizes web application security.

Rigorous Testing

Our proactive stance is exemplified through third-party penetration testing and vulnerability scanning of production systems and external interfaces. Before deployment, each new system and service undergoes meticulous scanning. Penetration testing, conducted by both internal security engineers and external experts, ensures a holistic evaluation of new systems and updates. Our software development process incorporates comprehensive static and dynamic security testing, encompassing all code, including open-source libraries.

Cloud Security Excellence

Within our cloud platform, security takes center stage. Customer isolation is ensured through a state-of-the-art multi-tenant architecture. Our isolation approach safeguards client environments within dedicated trust zones, thwarting unintended co-mingling. Through data encryption at rest and in transit, unauthorized access is prevented. Vigilant monitoring by our experts maintains platform integrity. Unique encryption keys safeguard data, aligning with SOC 2 standards, and role-based access controls are upheld.

Personnel Security

The security of data, client or internal, is paramount. Rigorous background checks are conducted on all contractors and employees, in line with local laws and industry standards. Confidentiality is assured through signed Non-Disclosure Agreements (NDAs). Our security-centric culture is nurtured through continuous employee training and testing using the latest techniques and attack vectors.

Exemplary Compliance

Smith & Carson’s commitment to security is fortified by external certifications. Our successful completion of the SOC 2 Type II audit attests to our adherence to information security practices. The unqualified opinion earned demonstrates our high standards of security and compliance, fostering trust among our clients. Access to the audit report is available for our partners and customers upon request.

At Smith & Carson, innovation is synonymous with security. Our dedication ensures technology serves as an enabler while safeguarding the digital realm for all.