Corporate Security

Your Privacy is Our Priority

Infrastructure Security

DDoS Protection

Softrate™ implements a high-quality DDoS protection service that efficiently fights against Layer 3, Layer 4, and Layer 7 DDoS attacks while maintaining uninterrupted authorized traffic flow.


Network Segmentation

Softrate™ has implemented a network isolation technique to safeguard sensitive information systems against security breaches and ensure their protection.


Monitoring

Softrate™ continuously monitors the availability, capacity, and security of its systems, and takes prompt action in case of any deviations.


Vulnerability Management

Softrate™ has a well-established vulnerability management technique that entails assessing the severity and impact of each vulnerability, prioritizing them according to risk, and taking necessary remediation actions to maintain the security and integrity of our systems.


Datacenter Security

In their data centers, AWS and GCP use world-class physical security measures such as strict access controls, video surveillance, intrusion detection systems, and 24/7 monitoring. These safeguards prevent unauthorized access and physical threats while also providing a secure hosting environment for our platform.


Secure Configuration Management

Our protocols ensure that operating systems and applications are configured securely, with default passwords and unneeded functions disabled. We establish and enforce security baselines often, track system configuration changes, and adhere to industry best practices such as CIS.


Disaster Recovery

We have Infrastructure as Code (IaaC) scripts that can be quickly deployed to a new environment. Our comprehensive Disaster Recovery (DR) plan maintains business continuity, and annual testing confirms its success in limiting potential interruptions and minimizing downtime.


Uptime Commitment

We commit to a 99% uptime for our platform, and any failures will result in service credit. You can track our availability and historic uptime at


Data Security

Encryption

AES-256, the industry standard for encryption, is used to encrypt all data at rest on our platform. Similarly, when data is in transit, either within our network or over the internet, it is encrypted using HTTPS with TLS 1.2+ to ensure secure transmission.


Retention and Erasure of Data

Softrate™ maintains customer data throughout the period of service usage. Upon termination of the services, all data will be permanently erased from the production environment within 30 days, and from the backup system within 90 days.


Data Portability

Upon request, customers will have the option to export their data in a machine-readable format, ensuring seamless data portability after the termination of the service.


Application Security

Secure Software Development

We have a well-established change management procedure in place that ensures all code changes are authorized, tested, and verified before being sent to the production environment. This ensures that only permitted and thoroughly validated code changes are made.


Code Reviews

We adhere to secure coding practices throughout the development process and employ stringent quality gating measures, including static code analysis, to ensure the highest level of code integrity.


Automated Code Deployment

Our CI/CD pipeline enables secure and automated code movement without manual intervention. It ensures smooth integration, deployment, and adherence to predefined security protocols, enhancing efficiency and reliability.


Organizational Security

Third Party Security Assessment

We conduct security assessments of third-party vendors and review their contracts for security and data protection clauses. We obtain third-party audits or certifications for compliance validation and have a process to assess and manage security risks associated with third-party dependencies. Security incidents involving third-party vendors are promptly investigated and addressed.


Regulatory Compliance

Regular audits are conducted to ensure ongoing compliance, and we have a process to address and rectify any non-compliance issues. Privacy and data protection regulations, such as GDPR or HIPAA, are considered, along with specific compliance requirements of our industry or market.


Business Continuity

Softrate™ has robust Business Continuity Planning (BCP) guaranteeing uninterrupted service delivery, mitigating risks, and enabling swift recovery from potential disruptions or unforeseen events.


Security Awareness

All Softrate offices are under 24/7 CCTV surveillance, and employees undergo a mandatory security and privacy awareness training program, supported by posters and regular awareness messages, ensuring a culture of vigilance and adherence to security and privacy practices.