ABsmartly Commitment to Information Security

Last updated: 23-01-2024

Our Commitment

Protecting ABsmartly information and reputation is of the utmost priority. We value being transparent about our security posture and about how security has been embedded into our DNA since our very early days.

We strive to provide our customers with the confidence to choose ABsmartly as a trusted vendor. To do so, we have implemented an information security management system (ISMS), based on international standards and best practices, and managed by dedicated resources.

ABsmartly ISMS has been certified against the ISO/IEC 27001:2013 international standard.

Security Controls

Human Resources

  • Mandatory acknowledgement of security policies and periodic security awareness training.

  • Formally defined roles and responsibilities related to our information security processes.

  • Confidentiality agreements established with all personnel.

Data Protection

  • Encryption of all data, both in transit and at rest.

  • User access controls including single sign-on and mandatory multifactor authentication.

  • Logging and monitoring processes and technologies with automated alerting.

Secure Development

  • Secure Software Development Lifecycle with a security-by-design approach.

  • Code reviews against OWASP Top 10.

Security Testing

  • Periodic penetration testing performed by independent third parties.

  • Ongoing vulnerability scans.

Infrastructure Security

  • Change management program ensuring all changes are evaluated, tested and formally approved.

  • Systems hardening according to industry standards and best practices.

  • Centralized endpoint management solution with enforcement of security policies. 

Availability

  • Relying on leading cloud service providers that offer highly available, resilient and redundant infrastructures.

Incident Management

  • Formally defined incident management procedures to address incidents that may impact the confidentiality, integrity or availability of our clients' information.

Report Suspected Vulnerabilities

If you have found a potential issue that may compromise the security of our products or services, you are welcome to contact us at vulnerability-report@absmartly.com.

ABsmartly takes security very seriously, and will investigate all reported vulnerabilities. Kindly consider providing any supporting material (e.g., PoC, tool output) which can contribute to effectively understanding the severity of the vulnerability.
