At the core of our operations lies a strong commitment to security. We prioritize assisting our customers in enhancing their security and compliance stance, which begins with our own stringent measures.
The Security and Privacy teams at SoftPoint establish robust policies and controls, diligently monitor adherence to these controls, and provide evidence of our security and compliance to auditors from third-party entities.
Our policies are rooted in the following fundamental principles:
SoftPoint adheres to a strict access control policy that ensures access is granted solely to individuals with a valid business requirement, following the principle of least privilege.
We maintain a consistent application of security controls across all areas of the enterprise, ensuring a uniform and comprehensive approach to security.
We follow a comprehensive security approach based on the principle of defense-in-depth, which entails the implementation and layering of multiple security controls.
The implementation of controls at SoftPoint is an iterative process, continuously evolving to enhance effectiveness, increase auditability, and minimize friction across all dimensions.
Security and Compliance
SoftPoint maintains compliance with
Securing Data at Rest
At SoftPoint, all datastores containing customer data, including Azure Storage, are encrypted at rest to ensure heightened security. In addition, sensitive collections and tables employ row-level encryption.
This robust encryption approach ensures that data is encrypted prior to database storage, rendering both physical and logical access insufficient for accessing the most sensitive information.
Protecting Data in Transit
SoftPoint utilizes TLS 1.2 or higher for all data transmissions across potentially insecure networks to ensure robust security. We further employ features like HSTS (HTTP Strict Transport Security) to enhance the protection of our data during transit. The management of server TLS keys and certificates is entrusted to Azure, and they are deployed through Application Load Balancers.
SoftPoint leverages the robust security features of Microsoft Azure to ensure the protection of your sensitive data. Our encryption key management follows best practices: keys are securely stored within Azure’s Key Vault, ensuring a separation of roles and restricted access. Meanwhile, Azure seamlessly handles internal secret keys, guaranteeing the encryption, storage, and protection of data, passwords, and databases. Access to these encrypted values is strictly controlled and limited to authorized individuals.
At SoftPoint, we are dedicated to upholding the highest standards of security. As part of our commitment, we conduct thorough annual penetration testing. This proactive approach allows us to meticulously evaluate our systems for vulnerabilities, ensuring that any potential weaknesses are promptly identified and addressed.
These assessments cover all aspects of the Flowis product and cloud infrastructure, with testers having full access to the source code. This comprehensive approach maximizes effectiveness and coverage.
We will provide summarized penetration test reports through our Trust Report, offering transparency and insights into our security practices, upon its acquisition.
Malicious dependency scanning to prevent the introduction of malware into our software supply chain.
Dynamic analysis (DAST) of running applications.
Network vulnerability scanning on a
External attack surface management (EASM) continuously running to discover new external-facing assets.
Secure Remote Access
SoftPoint ensures secure remote access to internal resources by utilizing a VPN tunnel. All internal resources are limited to development purposes only, and SoftPoint runs its production environment and customer data on the secured Microsoft Azure cloud.
SoftPoint prioritizes comprehensive security training for all employees during onboarding and annually through educational modules available on the SoftPoint platform. New employees are required to attend a live onboarding session focusing on key security principles, while new engineers receive a mandatory session on secure coding principles and practices. Our security team shares regular threat briefings to keep employees informed about important security updates and actions that require attention.
Identity and Access Management
SoftPoint relies on Office365 for secure identity and access management. We enforce the use of phishing-resistant authentication factors, primarily utilizing 2FA. Application access is granted based on employee roles and automatically revoked upon termination. Additional access requires approval according to specific application policies.
We are dedicated to being trustworthy stewards of all sensitive data, ensuring its protection and privacy.
SoftPoint values privacy by design.
SoftPoint constantly evaluates regulatory and emerging frameworks to evolve our program.
Terms and Conditions
View SoftPoint’s Terms and Conditions