Security risk assessment is an integral part of our software development life cycle.
Data Privacy & Security
Trust Matters: Checkstep’s commitment to you
In line with the laws and regulations governing the use of and access to data, Checkstep’s security team will act and make decisions as required to properly respond to a security incident or breach.
Data protection and privacy
Resilience and Uptime
Where is your datacentre?
Checkstep uses AWS as its cloud provider; the region used for storing and processing data is Ireland. This means the data is kept within the EU and GDPR applies.
What is the retention period of the logs and temporary data?
The retention period for logs is generally 6 months, unless a different period is specifically requested. This period complies with the regulations and gives us a wide enough window to troubleshoot any problems arising from client requests. A retention period for processed data does not really apply, since Checkstep does not keep a copy of the processed item; we only gather metadata (IP address, time, etc.), and the same 6-month retention period applies to that metadata.
What security controls have you implemented?
In general, our control fabric is aligned with our policies, risk management program and industry best practices and standards. We secure access to all our systems and ensure that all access is based on the principle of least privilege.
All employees are required to use a password manager, with a unique, strong password and multi-factor authentication enabled by default for all accounts.
Access to our cloud infrastructure is restricted using role-based access controls, with access alerts and auditing in place. Encryption, audit logging, a password policy, etc. are also in place.
Our infrastructure is secured using internal networks that are segmented, with strict rules governing communication between segments. Access to the network configuration is restricted and granted only on the basis of least privilege.
How do you secure access to the data?
The general rule of “least privilege” is applied. As a result, only a few people have access to the infrastructure at all, and even fewer have rights to the production data. Those selected employees still have several barriers (VPN, strong password, bastion server, strong database password) to pass before reaching the data.