SECURITY AT DAYTA
Security Governance
Practice
Enterprise-grade data and network protection
ISO/IEC 27001:2013
ISO Compliant
ISO/IEC 27001 is the international standard for information security. It sets out the specification for an effective ISMS (information security management system).
Complying with ISO 27001's best-practice approach helps us manage our information security by addressing people, processes and technology.
Application Security
Software Security
Patch management
Dayta implements an automated patch management service, integrated with our software development lifecycle, that identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.
Vulnerability Assessment & Penetration Testing
Vulnerability Assessment
Dayta tests for potential vulnerabilities on a recurring basis. We run static code analysis and infrastructure vulnerability scans.
Software Development Lifecycle (SDLC) Security
Dayta implements very strict static code analysis tools and human review processes to ensure consistent quality in our software development practices.
Physical Security
Dayta products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.
End-to-end Encryption
All communications to and from our software are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
All information at rest in our database and data centres is encrypted with a key management service that uses hardware security modules (HSMs) that have been validated under FIPS 140-2.
Web and Network Protection
Dayta monitors and mitigates potential attacks with several tools, including firewalls implemented in all layers from the application to the network. In addition, our infrastructure includes Distributed Denial of Service (DDoS) prevention defences to help protect your data and your access to our products.
Regular Reviews
To maintain our compliance with ISO 27001, policies and guidelines must be reviewed at least annually to ensure the contents are timely and consistent.
IS 784788