Outerscore Achieves Re-Certification According to ISO27001:2017

Being safe and protecting our clients' confidential data is a top priority at Outerscore. We have invested considerable resources in our security policies and processes since early 2020 to provide a secure platform to our customers and partners. Therefore, we are thrilled to announce that we have just achieved our re-certification according to ISO27001:2017.

Our certificate was initially issued in October 2020 through DEKRA, a globally leading third-party auditor with a workforce of more than 45,000 experts in over 60 countries on all continents. DEKRA confirmed that Outerscore’s information security management system (ISMS) is comprehensive and follows leading practices.

Our ISMS provides a set of security controls that protect the confidentiality, availability, and integrity of confidential, personal, and sensitive data against being leaked, damaged, destroyed, or exposed to harmful elements.

Secure Architecture: Our tiered architecture provides multiple layers of protection. Each application operates in its own silo, heavily protected from the internet by our front-end load balancers, layer-3 and web application firewalls and intrusion detection systems.

Encryption in Transit and at Rest: Any data that is transferred over the internet uses industry-standard encryption: all traffic in transit uses the latest secure cipher algorithms (TLS 1.2), and we use per-customer (AES-256) keys to encrypt data on disk.

Audit Logging: Every change in the system and all data transfers via API to other systems are logged using the latest Amazon Web Services technology, such as AWS CloudWatch and AWS CloudTrail. All log data is stored for at least 14 days.

Attribute-based Access Control: Outerscore maintains fine-grained access control using a combination of authentication, authorization, and entitlement mechanisms. We support several authentication options such as Okta, OneLogin, or SecureAuth to provide seamless SSO.

Performance and Availability: Our infrastructure-as-code (IaC) approach allows us to restore or launch our entire infrastructure in less than 30 min. Utilizing the leading enterprise business cloud, AWS, allows us to make use of best-in-class cloud hosting security standards.

Security Assessments and Tests: We continuously test our application for security flaws and potential vulnerabilities. Every line of code must pass rigorous testing in three different environments before it is deployed to our customers.
