Platform Security

SECURITY SCORE CARD

How we’ve secured our platform.
With comprehensive authentication and authorization methods, safe code development, and data protection measures, you can use our platform with confidence.

Multi-Factor Authentication
Customers can protect their accounts with MFA so only users that present two or more methods of authentication are allowed to log in to the platform.

Password Management
All account passwords must fulfill minimum requirements, are encrypted, and are never stored in cleartext.

Account Lockout
Multiple unsuccessful login attempts result in a locked account, with password re-entry required following time-out.

SSO/SAML Support
Sepio supports using SSO as the login mechanism for easy and secure access.
Furthermore, customers have the option to use their own Identity Provider (IDP) that supports SAML 2.0.

Role-Based Access Controls
Administrators can provision different levels of access and permissions through role-based access control.

Users’ Data
Any user data such as IP addresses is removed to deidentify the data prior to storing it.

Data Segregation
Our cloud infrastructure is broken into entirely separate services for each customer.

Encryption in Transit
Our web servers use TLS 1.2 encryption on port 443 to secure data in transit and via APIs, ensuring all private data is exchanged over encrypted channels.

Encryption at Rest
Data is stored in encrypted databases, with AES 256 or better.

Data Upload Protection
Multiple measures are implemented to scan, test and ensure the integrity of any data that is uploaded into the platform.

Audit logs
Sepio’s platform logs all user activity to enable easy auditing of usage patterns.

Sepio CVEs
CVEs reported for Sepio platforms can be found here (NIST NVD).

Availability
The production environment is hosted by Microsoft Azure Cloud Services, which provides high availability and resiliency.
Data backup and a meticulous disaster recovery plan enable us to quickly recover production in the event of failure.

Penetration Testing
We use rotating third-party security researchers to perform penetration testing on a regular basis and verify there are no exploitable vulnerabilities in our platform.

Vulnerability Management
Our development department carries out vulnerability detection and remediation using multiple tools to achieve STIG (Security Technical Implementation Guide) compliance, in accordance with our internal Patch Management Policy.

Our commitment to information security and data privacy is embedded in every part of our business.

Learn more about our security posture and the security measures we implement.

Corporate Security Measures

How we’ve secured our corporate infrastructure.
From endpoint protection and management defense layers to a dedicated, protected internal network and multiple security protection layers.

Secure Development

How we’ve secured our development.
Sepio ensures the highest industry standard for secure development through security design review and rigorous penetration testing.

Security Governance

Our security governance frame.
Experienced professionals lead and deploy Sepio's information security framework, ensuring expertise in the field of information security.

Security Certifications

Our certifications and attestations.
Leveraging our world-class security framework, we were awarded SOC 2 Type II, ISO/IEC 27001, and ISO/IEC 27017 certifications.

Privacy

Our commitment to data privacy.
Sepio’s privacy program is all about doing right by not storing any private data.

Resiliency

Our Disaster Recovery and Business Continuity Plans.
An elaborate DRP and BCP were put in place and tested to address potential scenarios and to meet Sepio’s data and operation recovery objectives.

Bounty Program

If you want to know more about Sepio’s security framework or you would like to make a security disclosure, please don’t hesitate to contact our CISO at: