Platform Security

SECURITY SCORE CARD

How we’ve secured our platform.
With comprehensive authentication and authorization methods, safe code development, data protection measures. You can use our platform with confidence.

Multi-Factor Authentication
Customers can protect their accounts with MFA so only users that present two or more methods of authentication are allowed to log in to the platform.

Passwords Management
All account passwords must fulfill minimum requirements, encrypted and never stored in cleartext.

Account Lockout
Multiple unsuccessful login attempts result in a locked account, with password re-entry required following time-out.

SSO/SAML Support
Sepio supports using SSO as the login mechanism for easy and secure access.
Furthermore, customers have the option to use their own Identity Provider (IDP) that supports SAML 2.0.

Role-Based Access Controls
Administrators can provision different levels of access and permissions through role-based access control.

Users’ Data
Any user data such as IP addresses is removed to deidentify the data prior to storing it.

Data Segregation
Our cloud infrastructure is broken into entirely separate services for each customer.

Encryption in Transit
Our web servers use TLS 1.2 encryption on port 443 to secure data in transit and via APIs, ensuring all private data is exchanged over encrypted channels.

Encryption at Rest
Data is stored in encrypted databases, with AES 256 or better.

Data Upload Protection
Multiple measures are implemented to scan, test and ensure the integrity of any data that is uploaded into the platform.

Audit logs
Sepio’s platform logs all user activity to enable easy auditing of usage patterns.

Sepio CVEs
Sepio platforms reported CVEs can be found here (NIST NVD).

Availability
Production environment is hosted by Microsoft Azure Cloud Services, which provides high availability and resiliency.
Data back-up and a meticulous disaster recovery plan enables us to quickly recover production in the event failure.

Penetration Testing
We use rotating third parties’ security researchers to perform penetration testing and verify there are no exploitable vulnerabilities in our platform on a regular basis.

Vulnerability Management
Our development department carries out vulnerabilities detection and remediation by multiple tools to achieve STIG compliance (Security Technical Implementation Guide) and according to our internal Patch Management Policy.

Our commitment to information security and data privacy is embedded in every part of our business.

Learn more about our security posture and the security measures we implement.

Platform Security

How we’ve secured our platform.
With comprehensive authentication and authorization methods, safe code development, data protection measures. Use our platform with confidence.

Platform Security

Corporate Infrastructure Security Measures

How we’ve secured our corporate infrastructure.
From endpoint protection and management defense layers to a dedicated, protected internal network and multiple security protection layers.

Corporate Infrastructure Security Measures

Secure Development

How we’ve secured our development.
Sepio ensures the highest industry standard for secure development through security design review and rigorous penetration testing.

Secure Development

Security Governance

Our security governance frame.
Experienced professionals lead and deploy Sepio’s information security framework, ensuring expertise in the field of information security.

Security Governance

Cyber Security Certifications

Our certifications and attestations.
Leveraging our world-class security framework, we were awarded with the ISO/IEC 27001 and ISO/IEC 27017 certifications.

Cyber Security Certifications

Privacy and Security

Our commitment to data privacy.
Sepio’s privacy program is all about doing right by not storing any private data.

Privacy and Security

Bounty Program

If you want to know more about Sepio’s security framework or you would like to make a security disclosure, please don’t hesitate to contact our CISO at:

CISO@SepioCyber.com

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.