Regulations, and Standards
At Safe Security, we make cyber risk an informed business decision.
As a pioneer in the “Cybersecurity and Digital Business Risk Quantification” space, Safe Security is enabling businesses to objectively measure and mitigate cyber risk across the enterprise. We are fundamentally changing how digital risk is managed with our ML Enabled API-First SAFE Platform, which aggregates automated signals across people, process, and technology, both for 1st and 3rd Party to dynamically predict the breach likelihood (SAFE Score) & $$ risk of an organization.
With security being at the heart of everything we do, we go the extra mile to ensure that our customers’ data is secure. We implement best in class and industry-leading security programs and measures to secure our cloud-based platforms and processes.
Our approach to security
is based on the following objectives
Regulations, and Standards
Amazon Web Services (AWS).
SAFE product and customers’ data can be hosted on any of the supported AWS regions worldwide. As a customer, when you sign up for SAFE, you are essentially allocated a tenant. As part of this process, you can select a region where the application data is stored. There are different types of data collected, processed, and managed by SAFE.
Refer to Data Residency in SAFE for more details.
Currently, SAFE is hosted in the following AWS regions:
SAFE encrypts the customers’ data in transit over public networks using TLS 1.2 to protect it from unauthorized disclosure or modification.
SAFE encrypts the customers’ data at rest using the AES 256-bit AWS KMS key.
SAFE uses AWS Key Management Service (KMS) for storing encryption keys. We allow our customers to provide their own AWS KMS key, and in such cases, the key generation and management access will completely be with the customer.
- Input Validation
- Output Encoding
- Cryptographic Practices
- Session Management
- Access Control
- Authentication and Password Management
- Error Handling and Logging
- Communication Security
- System Configuration
- Database Security
- File Management
- Memory Management
Third-party Security Assessment is performed using a 4-tier approach defined under Vendor Management Policy and Process. All the third parties are categorized based on the area of focus and criticality of business. A Questionnaire-based security assessment is performed for each of the third-party, and if the assessment report is found satisfactory, only then is the vendor allowed.
In addition, we perform Third-party Vendor Risk assessment for each third party using the SAFE. The assessment includes digital attack surface discovery based on their domain name, assessment via 100+ automated Outside-In assessment controls for Email Security, Network Security, DNS security, System Security, Application Security, Malware Servers, Breach Exposure, and more.
Additionally, we ensure cybersecurity awareness of our employees through the SAFE Me mobile application. SAFE Me performs mobile device assessment, scans for exposures on the dark web in real-time, and provides cybersecurity awareness training to our employees.
We have implemented an easy process to report any bug or security issues in our system. If you find any security issues, please write to us at [email protected] with all the related information.
If you are our existing customer, you can create a support ticket with all the necessary details.