SecureCoders Security Portal

Overview
SecureCoders is a security-focused group of engineers with serious software development chops. In addition to helping our customers implement and practice good security, we also practice it seriously internally.

Risk Management

Vendor Management Review

This procedure is recommended for all third-party service providers who transmit or store any type of client or employee information, but is mandatory for all business-critical systems and providers who handle confidential, high-risk data including Personally Identifiable Information (PII) and Protected Health Information (PHI).

  1. Upon selection of a vendor or service provider where customer or employee information will be transmitted or stored, the requester shall contact SecureCoders’s Chief Information Security Officer.

  2. The Chief Information Security Officer or their designee will assist the requester in identifying the classification of the data that will be transmitted or stored by the service provider.

  3. The Chief Information Security Officer or their designee will participate in a risk assessment review with the service provider and requester by completing the Third-Party Risk Assessment (attached as Appendix A).

  • Note that the Chief Information Security Officer may accept relevant security documentation such as Certifications and Attestations of Laws, Regulations and Privacy and Certifications of Alignments and Frameworks in lieu of a completed Third-Party Risk Assessment.

  • During the assessment, the assessor should ensure that there are contractual controls limiting personal information transmitted, processed, stored or disclosed to or retained by third parties to defined parameters for access, use and disclosure.

  4. Once completed, the Chief Information Security Officer or their designee will evaluate the results of the survey and make a recommendation to:

    1. Eliminate the service provider from consideration due to a high-risk finding

    2. Ask for more information from the service provider to complete the survey

    3. Approve the service provider

  5. All assessments will be approved or rejected with cause by the Chief Information Security Officer or their designee. Copies of the assessments shall be retained for SecureCoders’s records on SecureCoders’s Google Drive.

  6. Results are then shared with the requester, who completes the procurement process with the service provider.

Approved Risk Management Program

Risk assessment and risk treatment are applied to the entire scope of SecureCoders’s information security and privacy program, and to all assets which are used within SecureCoders or which could have an impact on information security and privacy within it.

Risk Ownership

All risk is ultimately owned and accepted by the SecureCoders Chief Executive Officer.

Access Control

Internally Shared User Accounts

SecureCoders employees do not share user accounts.

Staff Scoped Data Access

Employees are given access to company systems and customer information on an as-needed basis.

Human Resources

Employee Agreements

All contractors and employees must agree to an employment agreement and non-disclosure agreement prior to employment. 

Background Screening

All employees and contractors must undergo local and federal background checks prior to beginning work for SecureCoders.

Off-boarding Process

When an employee or contractor is terminated, access to accounts is removed prior to an exit interview with the head of Human Resources.

Roles and Responsibilities

Roles and responsibilities are well defined and documented within the HR management software which SecureCoders utilizes.

Organizational Security

Designated Security Point of Contact

Solution Security

Single Sign On

All SecureCoders employees are issued accounts using our Identity Provider which enforces MFA (multi-factor authentication) and the SecureCoders Password Policy.

Data Encrypted in Transit

All applications used for conducting SecureCoders business use HTTP over TLS 1.2 for transport.

Customer Data Removal

Customer data is removed within 30 days of no longer being needed for SecureCoders to conduct its services.

Data Encrypted at Rest

Customer data is stored on a well-known cloud data storage platform which encrypts data at rest.

Privacy

Personally Identifiable Information (PII)

SecureCoders does not store customer PII.

Protected Health Information (PHI)

SecureCoders does not store PHI.

Asset and Data Management

Asset Management Policy

Assets are tracked via industry-standard asset management software which ensures local security configurations are correctly enabled as per SecureCoders policies.

Physical Security

Physical Security Controls

SecureCoders data is stored via a well-known corporate storage provider which employs strong physical security controls. All employee laptops are configured with encrypted hard disks to prevent data spillage in the event of a device being lost or stolen.

Network Security

Intrusion Prevention

SecureCoders implements industry-leading endpoint protection on all company devices.
