Behind the Scenes: Security Management at ScienceSoft
With cybersecurity being one of our corporate priorities, ScienceSoft has been investing heavily in a mature information security management system compliant with ISO 27001 and in a sustainable security culture. Due to comprehensive policies, well-implemented processes, advanced technology, and skilled professionals, we ensure the reliable protection of our and our customers’ data.
Field-tested security knowledge. In cybersecurity services since 2003 and with 200+ successfully completed projects in the domain, we know how to handle all types of cyber threats, including advanced persistent ones.

Evergreen security policies and continuous improvement of the information security management system. Our ISO 27001-certified internal auditors regularly review and improve the security policies and processes, while our security testing team checks our software and IT infrastructure to eliminate potential vulnerabilities. This is how we fully cover our and our clients' security needs and stay protected against evolving and newly appearing threats.

Effective security organization. Our security program clearly defines roles and responsibilities for the employees involved in managing security. It also enables us to adequately implement and maintain information security practices within our company and apply them when accessing our clients' data or IT assets.

Compliance. We meet the legal and contractual requirements we are subject to: e.g., ISO 14971:2019 – a standard of risk management for medical devices, including SaMD. Having hands-on experience with HIPAA, PCI DSS/SSF, FISMA, SOC 2, and other security standards and regulations, we are ready to work according to the compliance requirements applicable to our customers.
Dedicated to Keeping Our Customers Safe: Security Within a Project
When we embark on development, support, testing, and other projects, our customers' cybersecurity becomes our highest-priority concern. For each project, we have a charter describing security management procedures tailored to the client's business specifics and its security and compliance requirements. Our certified internal auditors are ready to check how well our security management processes work during the project. As for the specific measures we apply to secure the customers’ IT resources we access, they may include:
Securing project environment
- Enterprise-level VPN tunnels to protect permanent interconnection between our and our clients' infrastructures.
- Secure corporate devices, including the ones with encrypted disks.
- Secure virtual machines.
- A separate secure code repository for each project.
- The physical presence of our employees in a secure, controlled environment.
- A custom project environment: e.g., an isolated network infrastructure, dedicated physical servers, dedicated rooms for the project team.
Preventing unauthorized access to our customers’ data and IT systems
- Access to project data only for authorized employees strictly according to their roles.
- All the passwords granted by the client to access its systems are stored in the client's password storage; passwords to access the client's password storage are in ScienceSoft's secure password storage.
- Multi-factor authentication.
Evaluating and improving the security of the customers’ apps and IT infrastructure components within the project scope
- Security-focused code review/audit.
- Vulnerability assessment.
- Black/gray/white box penetration testing.
- Social engineering testing.
- Security audit.
- Compliance assessment.