SECURITY SCORE CARD
How we’ve secured our platform.
With comprehensive authentication and authorization methods, safe code development, data protection measures. You can use our platform with confidence.
Multi-Factor Authentication
Customers can protect their accounts with MFA so only users that present two or more methods of authentication are allowed to log in to the platform.
Passwords Management
All account passwords must fulfill minimum requirements, encrypted and never stored in cleartext.
Account Lockout
Multiple unsuccessful login attempts result in a locked account, with password re-entry required following time-out.
SSO/SAML Support
Sepio supports using SSO as the login mechanism for easy and secure access.
Furthermore, customers have the option to use their own Identity Provider (IDP) that supports SAML 2.0.
Role-Based Access Controls
Administrators can provision different levels of access and permissions through role-based access control.
Users’ Data
Any user data such as IP addresses is removed to deidentify the data prior to storing it.
Data Segregation
Our cloud infrastructure is broken into entirely separate services for each customer.
Encryption in Transit
Our web servers use TLS 1.2 encryption on port 443 to secure data in transit and via APIs, ensuring all private data is exchanged over encrypted channels.
Encryption at Rest
Data is stored in encrypted databases, with AES 256 or better.
Data Upload Protection
Multiple measures are implemented to scan, test and ensure the integrity of any data that is uploaded into the platform.
Audit logs
Sepio’s platform logs all user activity to enable easy auditing of usage patterns.
Sepio CVEs
Sepio platforms reported CVEs can be found here (NIST NVD).
Availability
Production environment is hosted by Microsoft Azure Cloud Services, which provides high availability and resiliency.
Data back-up and a meticulous disaster recovery plan enables us to quickly recover production in the event failure.
Penetration Testing
We use rotating third parties’ security researchers to perform penetration testing and verify there are no exploitable vulnerabilities in our platform on a regular basis.
Vulnerability Management
Our development department carries out vulnerabilities detection and remediation by multiple tools to achieve STIG compliance (Security Technical Implementation Guide) and according to our internal Patch Management Policy.
Learn more about our security posture and the security measures we implement.
If you want to know more about Sepio’s security framework or you would like to make a security disclosure, please don’t hesitate to contact our CISO at: