Protecting our client's information and reputation is of utmost priority. We value the importance of being transparent about our security posture and how security is embedded into our DNA, since very early days.
We strive to provide our customers with the confidence to choose A/B Smartly as a trusted vendor. To do so, we have implemented an information security management system, based on international standards and best practices, and managed by dedicated resources.
Moreover, A/B Smartly has engaged with independent auditors to assess and certify its ISMS against the ISO/IEC 27001 international standard. We expect to achieve the certification during the first quarter of 2023.
Mandatory acknowledgement of security policies and periodic security awareness training.
Formally defined roles and responsibilities related to our information security processes.
Confidentiality agreements established with all personnel.
Encryption of all data both in transit, and at rest.
User access controls including single sign on and mandatory multifactor authentication.
Logging and monitoring processes and technologies with automated alerting.
Secure Software Development Lifecycle with a security-by-design approach.
Code reviews against OWASP Top 10.
Periodic penetration testing performed by independent third-parties.
Ongoing vulnerability scans.
Change management program ensuring all changes are evaluated, tested and formally approved.
Systems hardening according to industry standards and best practices.
Centralized endpoint management solution with enforcement of security policies.
Relying on leading cloud services providers which offer highly-available, resilient and redundant infrastructures.
Formally defined incident management procedures to address incidents which may impact the confidentiality, integrity or availability of our client’s information.
If you found a potential issue which may compromise the security of our products or services, you are welcome to contact us at [email protected].
A/B Smartly takes security very seriously, and will investigate all reported vulnerabilities. Kindly consider providing any supporting material (e.g., PoC, tool output) which can contribute to effectively understanding the severity of the vulnerability.