Certifications and audits

We’ve achieved globally recognized standards for data protection. This includes:

  • ISO 27001 certification from BSI
  • Pentests carried out by Informer.io

These FAQs address most of the issues that matter to our customers and prospects. If you can’t find what you’re looking for, then get in touch.

Has Panaseer achieved ISO27001 certification?

Yes, we have. We were certified in November 2022, and copies of our Statement of Applicability, ISO certificate and external audit report summary are available upon request under a Mutual Non-Disclosure Agreement (MNDA).

Does Panaseer have a risk management framework?

Yes, we are aligned to ISO 31000.

Does Panaseer have formal information security policies that are reviewed at least annually?

Yes, we have policies covering all aspects of information security, and they form part of our ISMS (Information Security Management System). At a high level, these policies cover: starters and leavers; cryptography; BYOD; anti-virus; cloud security; supplier management; risk management; vulnerability management; incident management; asset management; and more.

Is Panaseer cloud-based and what cloud service provider do you use?

Yes, our solution is SaaS (Software as a Service) and is hosted in AWS (Amazon Web Services). We have regions in the EU (European Union), the US and Canada, which provides digital sovereignty for our clients operating out of those regions.

Will my organization’s data be encrypted?

Yes, all data is encrypted at rest (AES-256) and in transit (TLS 1.2, Transport Layer Security).

Does Panaseer conduct disaster recovery tests at least annually?

Yes, annually. Summary reports of these tests are available upon request under an MNDA.

Does Panaseer have somebody managing its Information Security Management System full time?

Yes, our ISMS is managed by our full-time Information Security Manager.

Does Panaseer perform regular backups and are they encrypted and tested?

Yes, we perform regular backups, which are fully encrypted and tested.

Does Panaseer have a Secure Development Lifecycle programme?

Yes, we follow OWASP Top 10 best practices, and our SSDLC (Secure System Development Lifecycle) is fully embedded in our development workflow. All developers are trained on both the SSDLC and the OWASP Top 10.

Does Panaseer conduct mandatory security training for all staff?

Yes, all staff are trained twice a year, and the training is mandatory. The training covers core aspects of information security and privacy.

Does Panaseer have a business continuity plan?

Yes, and it is tested in full over a three-year cycle. We also conduct yearly tabletop exercises and yearly disaster recovery testing.

Does Panaseer conduct vulnerability scans?

Yes, we conduct regular DAST (dynamic application security testing), SAST (static application security testing) and dependency scanning across our environments, and all findings are subject to our remediation policy. We have a dedicated team that tracks open vulnerabilities, including endpoint vulnerabilities.

Does Panaseer conduct regular internal and external audits?

Yes. We conduct our own technical internal audits, we hire specialized consultants to audit our ISMS, and we have external auditors for our ISO 27001 certification.

Is there an incident management process and will Panaseer disclose a breach in a timely manner?

Yes, we have a thorough incident management process, which is tested and audited. We would notify a customer within 24 hours in the event of a breach.

Is Panaseer compliant with privacy laws / regulations?

Yes, we are, and we conducted a full GDPR (General Data Protection Regulation) gap analysis in 2022.

Is Panaseer covered by cyber insurance?

Yes, we are. We can disclose these details upon request.

Does Panaseer conduct regular penetration testing?

Yes, annually, or when a major change occurs. These reports are available upon request under an MNDA, and any findings are subject to our remediation policy.

Does Panaseer monitor its suppliers for security-related risk?

Yes, we have a supplier relationship process through which we screen all suppliers and monitor them on an ongoing basis.

Do Panaseer employees undergo background checks?

Yes, all Panaseer employees that handle client data undergo full background checks.

Does Panaseer have a change control policy?

Yes, this is covered in our SSDLC. In short, all changes must be approved. If you wish to obtain a copy of our SSDLC, please contact us and this can be arranged under an MNDA.

Are Panaseer’s endpoints protected from malware and other security risks?

Yes, our entire estate is protected from malware, patched regularly and fully encrypted, and uses MFA (multi-factor authentication) and SSO (single sign-on) for authentication. We have adopted CIS (Center for Internet Security) Level 1 best practices and policies across the estate.
