Outerscore’s Information Security Management System (ISMS) has been successfully re-certified according to ISO 27001 by Dekra – an accredited certification body.
Being safe and protect our client’s confidential data is a top priority at Outerscore. We have invested considerable resources in our security policies and processesto provide a secure platform to our customers and partners. Therefore we are thrilled to announce that we have just achieved our re-certification according to ISO27001:2017.
ISO 27001 is an international standard for Information Security System. It defines the requirements for the implementation of an information security management system (ISMS). The ISMS identifies security measures to ensure the protection of the company’s assets. The aim is to protect functions and information from loss, theft or alteration, and computer systems from intrusion and computer failure. Our ISMS assures with a set of security controls that protect the confidentiality, availability, and integrity of confidential, personal, and sensitive data from being leaked, damaged, destroyed, or exposed to harmful elements.
Secure Architecture: Our tiered architecture provides multiple layers of protection. Each application operates in its own silo, heavily protected from the internet by our front-end load balancers, layer-3 and web application firewalls and intrusion detection systems.
Encrytion in Transit and at Rest: Any data that is transferred over the internet uses industry-standard encryption: All traffic in transit uses the latest secure cipher algorithms (TLS 1.2) and we use per customer (AES-256) keys to encryt data on disk
Audit Logging: Every change in the system and all data transfers via API to other systems are logged using latest Amazon Web Services technology like AWS CloudWatch and AWS CloudTrail. All log data is stored for at least 14 days.
Attribute-based Access Control: Outerscore maintains a fine grained access control using a combination of authentication, authorization, and entitlement mechanisms. We support several authentication options such as Okta, OneLogin, or SecureAuth to provide seamless SSO.
Performance and Availability: Our infrastructure-as-code (IaC) approach allows us to restore or launch our entire infrastructure in less than 30 min. Utilizing the leading enterprise business cloud – AWS – allows us to make use of best-in-class cloud hosting security standards.
Security Assessments and Tests: We continuous test our application for security flaws and potential vulnerabilities. Every line of code must pass rigorous testing in three different environments before it is deployed to our customers.