Aside from empowering employees, security is our priority. We work hard behind the scenes to keep your data safe, secure, and private. This document explains our security architecture, data security controls, and security process.
ISO 27001 is an international standard published by the International Organization for Standardization (ISO); it describes how to manage information security in a company. Zugata has been ISO 27001:2013 certified since 2017.
Zugata Security Architecture
Zugata’s security architecture is designed to protect the confidentiality, integrity and availability of all customer information that we host. Zugata has the following security controls:
- Secure data centers – Zugata’s data and services are hosted in Amazon AWS with strong security controls.
- Security monitoring – All of our networks and systems are constantly being monitored by leading security tools.
- Strict access controls (both system and network) – Zugata enforces strict access control on all its systems. We perform regular internal audits and use automated tools to verify desired configurations.
- Strict ingress and egress points – Access to the application is restricted to port 443. Zugata administration is limited to a small group of Zugata workers who use a secure two-factor VPN to access customer environments. All activity is logged.
- Hardened operating systems – All operating systems are configured with only required services and are configured to meet strict security requirements. Strong encryption is used from the client to our systems.
All of our security controls and risk analysis are based on the protection of customer data. Encryption has also been implemented for data in transit. In addition to encryption, Zugata’s customer data security controls include:
- Restricted access to customer data – Zugata employee access to customer data is highly restricted and must be approved by senior management. Before access is granted, employees must complete security training.
- Logging and audit – All activity is logged in a protected system and is audited using automated tools.
- Incident response – Zugata has an incident response process designed to handle customer data incidents.
- Training – All Zugata employees are required to participate in security training.
Software Engineering Security Process
Security is continuously improved and tested throughout the Zugata product lifecycle. All new feature designs are audited for high-level security considerations, and feature implementations are checked for security flaws throughout development.
Existing features are audited for security vulnerability regressions, and application-wide audits are performed to ensure that feature integration is secure. Third-party components used by Zugata are researched and monitored carefully for vulnerabilities. Zugata uses both manual and automated security testing.
Zugata engages a third-party tester to perform a comprehensive review of our product. These tests include:
- Black and white box testing
- Source code security reviews
- Methodology based on OWASP and NIST standards
- Full penetration & configuration tests
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Zugata has achieved EU-U.S. Privacy Shield certification with the U.S. Department of Commerce.
To support our customers and website visitors in Switzerland, Zugata has certified its adherence to the Swiss-U.S. Privacy Shield Framework.
Zugata strives for excellent uptime. Our availability statistics are publicly available at https://zugata.statuspage.io.