Limit Network Connections
Production databases and SSH access are isolated within private, firewalled networks. Only HTTPS traffic (port 443) is publicly exposed. Rate limiting, intrusion detection, and continuous perimeter monitoring are built into our infrastructure.
Transmission Confidentiality
TLS enforces confidentiality on all transmitted data.
Anomalous Behaviour Detection
Automated software anomaly detection flags abnormal traffic or error patterns, helping identify threats early.
Capacity & Performance Management
Critical assets are monitored continuously for performance and denial-of-service risks, with alerts for capacity thresholds.
Centralized Event Logs
Audit events from critical systems are collected centrally in monitoring software, enabling review and threat detection.
Firewall
Cloudflare WAF filters all incoming traffic, applying both managed and custom rules.
IDS/IPS
We employ Cloudflare and Datadog to detect suspicious traffic and application behavior.
Wireless Security
Access to internal systems requires authenticated connections, ensuring unauthorized devices cannot connect. VPN use is required on unsecured or unknown networks.
Spoofing Protection
Our email domain is protected with SPF and DKIM to reduce spoofing risks.
Virtual Private Cloud
Our infrastructure runs on services where all data centers are certified for ISO 27001, PCI DSS, HIPAA, and SOC 2 Type II.