Behind the Scenes: Security Management at ScienceSoft
ISO 27001-certified mature information security management system.
Field-tested security knowledge: protecting businesses against cyber threats since 2003.
Competent security team: SIEM/SOAR/XDR experts, certified cloud security experts, compliance consultants, Certified Ethical Hackers, and more.
No security incidents overshadowing our 34-year history.
Trusted by 1200+ customers, including global brands such as Deloitte, Walmart, eBay, Nestle, NASA JPL, Viber, Leo Burnett, M&T Bank, T-Mobile.
Dedicated to Keeping Our Customers Safe: Security Within a Project
When we embark on development, support, testing, and other projects, our customers' cybersecurity becomes our highest-priority concern. For each project, we have a charter describing security management procedures tailored to the client's business specifics and its security and compliance requirements. Our certified internal auditors are ready to check how well our security management processes work during the project. The specific measures we apply to secure the customers' IT resources we access may include:
Protecting our customers' intellectual property
- Signing a non-disclosure agreement to confirm we ensure full confidentiality of our customer's trade secrets or other intellectual property.
- Acknowledging that our customers own all the information they entrust to us: ideas, designs, code, etc.
- Deleting the customer's data from our ecosystem as soon as it is no longer needed for the project's purposes.
Securing project environment
- Enterprise-level VPN tunnels to protect permanent interconnection between our and our clients' infrastructures.
- Secure corporate devices, including the ones with encrypted disks.
- Secure virtual machines.
- A separate secure code repository for each project.
- The physical presence of our employees in a secure, controlled environment.
- A custom project environment: e.g., an isolated network infrastructure, dedicated physical servers, dedicated rooms for the project team.
Preventing unauthorized access to our customers’ data and IT systems
- Access to project data only for authorized employees strictly according to their roles.
- All the passwords granted by the client to access its systems are stored in the client's password storage; passwords to access the client's password storage are in ScienceSoft's secure password storage.
- Multi-factor authentication.
Evaluating and improving the security of the customers’ apps and IT infrastructure components within the project scope
- Security-focused code review/audit.
- Vulnerability assessment.
- Black/gray/white box penetration testing.
- Social engineering testing.
- Security audit.
- Compliance assessment.
We are experienced in handling all types of cyber threats
- 20 years in IT security services.
- A solid portfolio of completed cybersecurity projects.
We have built a security system that runs like clockwork
- Comprehensive security program based on NIST CSF.
- Clearly defined roles and responsibilities for the employees involved in managing security.
We keep our cyber defense up to date
- Security policies and processes frequently reviewed and improved by our ISO 27001-certified internal auditors.
- Regular security testing of our IT infrastructure and software.
We are compliant and help achieve compliance
- Meeting legal and contractual requirements we are subject to: e.g., ISO 14971:2019 – a standard of risk management for medical devices, including SaMD.
- Hands-on experience with HIPAA, PCI DSS/SSF, FISMA, SOC 2, NYDFS, GDPR, and other standards and regulations.