Looking for a few questions answered as part of my company’s assurance processes:
- Any security controls you’ve put in place
- Is data encrypted at rest or in transit (or both)
- Has any technical assurance been carried out (i.e. penetration testing, vulnerability scanning, code reviews etc)
- Do you or are you aiming to hold any security certifications (Cyber Essentials, ISO27001, SOC2 etc)
Thank you!
I find it a bit hard to answer these questions.
Any security controls you’ve put in place
What does this reference? There are so many places where security is relevant - starting with the locks on my office doors to low-level code parts.
I do have many security controls but obviously I don't want to publish them.
Is data encrypted at rest or in transit (or both)
What data?
Has any technical assurance been carried out (i.e. penetration testing, vulnerability scanning, code reviews etc)
I do use automatic vulnerability scanning tools for dependencies I'm using. However, there haven't been penetration tests or code reviews.
Do you or are you aiming to hold any security certifications (Cyber Essentials, ISO27001, SOC2 etc)
No (I'm a single indie developer)
Thanks for your responses!
Sorry these questions are slightly vague, they are part of my company’s process for implementing a tool like this and they are not personal at all.
Would you be able to share any more info on security controls privately?
Only if there are specific questions, then best send an email to andreas@folivora.ai.