We utilize Microsoft Azure data centers that meet the following certifications:
PCI-DSS Level 1 Service Provider
SOC 3 - System and Organization Controls
NIST 800-53 Revision 4
ISO 9001 - Global Quality Standard
ISO 27001 - Security Management Control
ISO 27017 - Cloud Specific Controls
ISO 27018 - Personal Data Protection
Software Development
All software engineers receive software security training that covers security best practices, including the OWASP Top Ten and mobile security best practices.
All source code is developed in accordance with a standard SDLC process that includes:
A software and security code review before being shipped to production.
Running through a continuous integration test suite.
Manual QA testing.
A penetration test, including static and dynamic code analysis, is performed regularly by a third-party security company.
Encryption
All web traffic is encrypted by TLS 1.2 or greater.
We follow NIST recommendations for hashing, symmetric and asymmetric encryption.
Memorized Secrets are handled in conformance with NIST SP 800-63.
Data destruction is conducted in conformance with NIST SP 800-88.
Organization
All staff regularly receive security training by trained professionals and must pass security awareness tests.
All staff are regularly subjected to simulated phishing and other social engineering attacks to test their awareness.
All staff must sign off on security and acceptable use policies and procedures.
Security Vulnerability Program
Thuzi encourages the responsible disclosure of security vulnerabilities by offering a reward program for security researchers. The terms of this program are defined in the Patron Technology Security Vulnerability Program.
We utilize Amazon Web Services (AWS) data centers that meet the following certifications:
PCI-DSS Level 1 Service Provider
SOC 3 - System and Organization Controls
NIST 800-53 Revision 4
ISO 9001 - Global Quality Standard
ISO 27001 - Security Management Control
ISO 27017 - Cloud Specific Controls
ISO 27018 - Personal Data Protection
Software Development
All software engineers receive software security training that covers security best practices, including the OWASP Top Ten and mobile security best practices.
All source code is developed in accordance with a standard SDLC process that includes:
A software and security code review before being shipped to production.
Manual QA testing.
Encryption
All web traffic is encrypted by TLS 1.2 or greater.
We follow NIST recommendations for hashing, symmetric and asymmetric encryption.
Memorized Secrets are handled in conformance with NIST SP 800-63.
Data destruction is conducted in conformance with NIST SP 800-88.
Organization
All staff regularly receive security training by trained professionals and must pass security awareness tests.
All staff are regularly subjected to simulated phishing and other social engineering attacks to test their awareness.
All staff must sign off on security and acceptable use policies and procedures.
Security Vulnerability Program
FISH Technologies encourages the responsible disclosure of security vulnerabilities by offering a reward program for security researchers. The terms of this program are defined in the Patron Technology Security Vulnerability Program.