How Do We Safeguard Your Data at Daxap?
At Daxap, our mission is to craft solutions that not only have a positive societal impact but also simplify everyday life for both organizations and their customers. We take your data protection seriously—it’s our top priority. Transparency is key, and we’re committed to keeping you informed about the security measures we employ and helping you understand how we safeguard your information.
From day one, Daxap has implemented an Information Security Management System (ISMS) to ensure the highest standards of security. Our security program is aligned with leading industry standards and best practices, including GDPR and ISO certifications. As a testament to our efforts, we proudly achieved ISO-27001 Certification in September 2023.
Our dedicated security team, led by our Chief Information Security Officer (CISO), oversees the fulfillment of all ISMS requirements. The team has meticulously developed policies, procedures, and essential systems like Risk, Asset, and Incident Management to implement and manage our security program. We also ensure that every Daxap employee is well-trained on ISMS requirements. To maintain the effectiveness of these measures, we conduct regular internal and external audits.
Your data’s security and integrity are paramount to us. We are committed to protecting it through the following principles:
Secure by Design – At Daxap, security is embedded from the very beginning. We follow a robust secure development lifecycle and adhere to OWASP Secure Coding Practices, guided by our “Software Development Policy” and “Secure Coding Policy.”
Encryption – We rely on AWS for our data centers, where both secure environments and physical protection are ensured. All data exchanged between Daxap clients and services is encrypted with strong protocols. For data at rest, our production network employs encryption methods like Advanced Encryption Standard (AES) or RSA.
Network Segregation and Security – To better protect sensitive data, we segregate our systems into distinct networks. Testing and development environments are hosted separately from our production infrastructure.
Access Control – We adhere to the principle of least privilege, granting system access only to those authorized based on their roles and responsibilities. Multi-Factor Authentication (MFA) is required for system login wherever possible. Additionally, we mandate the use of an authorized password manager to prevent password-related threats like reuse and phishing.
Logging and Monitoring – We continuously log and monitor access to our network, systems, and communications to detect and prevent unauthorized access and ensure our access control systems are working effectively.
Data Retention and Disposal – We handle the retention and disposal of customer data in strict accordance with our contractual agreements.
Incident Response – Daxap has a solid incident management process in place to identify, contain, investigate, and resolve any security incidents that threaten our information assets. A dedicated team manages these incidents and ensures that any necessary reports are made promptly.
Vendor Management – We depend on third-party providers to operate efficiently. Recognizing that these services impact our production environment’s security, we enforce stringent agreements to ensure they uphold our confidentiality commitments. We regularly review their security controls to maintain our high standards.
Third-Party Validation – We continually monitor and enhance the effectiveness of our ISMS activities through audits performed by both internal and third-party credentialed assessors.
In conclusion, we are fundamentally committed to safeguarding your data at Daxap. Protecting your information is a duty we take seriously, and we continuously strive to maintain your trust.
Visit our Trust Center for more information.