Panaseer Trust Center

Yes, we have. We were re-certified in November 2023 and a copy of our Statement of Applicability; ISO certificate is displayed in this section of the website and our external audit report summary is available upon request under NDA.

Yes, we are aligned to ISO31000.

Yes, we have policies covering all aspects of information security that form a part of our ISMS (Information Security Management System). At a high level, these policies include; Starters and leavers; Cryptography; BYOD; Anti-virus; Cloud security; Supplier management; Risk management; Vulnerability management; Incident management; Asset management; and more.

Yes, our solution is SAAS (Software as a Service) and is hosted in AWS (Amazon Web Services). We have regions in the EU (European Union), US and Canada which provides digital sovereignty for our clients operating out of those regions.

Yes, all data is encrypted at rest (AES 256) and in transit (TLS – Transport Layer Security – 1.2).

Yes, annually. These summarized reports are available upon request under a MNDA.

Yes, our ISMS is managed by our full time Information Security Manager.

Yes, we perform regular backups and are fully encrypted and tested.

Yes, we follow OWASP10 best practices and our SSDLC (Secure system development lifecycle) is fully embedded in our development workflow and all developers are trained both on the SSDLC and the OWASP10.

Yes, all staff are trained twice a year, and the training is mandatory. The training covers all the core aspects of information security and privacy.

Yes, and it is tested over the course of three years in full. We also conduct yearly tabletop exercises as well as yearly disaster recovery testing.

Yes, we conduct regular DAST (Dynamic application security testing), SAST (Static application security testing) and dependency scanning across our environments and all findings are subject to our remediation policy. We have a dedicated team that tracks open vulnerabilities.

Yes, we have our own technical internal audits, we also hire specialized consultants to audit our ISMS and we have external auditors for our ISO27001 certification.

Yes, we have a very thorough incident management process which is tested and audited. We would notify a customer in the event of a breach within 24 hours.

Yes, we are, and we conducted a full GDPR (General Data Protection Regulation) gap analysis in 2022.

Yes, we are. We have adequate multi-layered cyber insurance in place with reputable insurers.

Yes, annually, or when a major change occurs. These reports are available upon request under NDA, and any findings are subject to our remediation policy.

Yes, we have a supplier relationship process whereby we screen all suppliers and monitor them.

Yes, all Panaseer employees that handle client data undergo full background checks.

Yes, this is covered in our SSDLC. In short, all changes must have approval.

Yes, our entire estate is protected from malware, patched regularly, encrypted and has MFA (Multi Factor Authentication) and SSO.

We use AWS as our Cloud Service Provider, Snowflake as our data warehouse and Pendo as our User Analytics platform. These are essential sub-processors to ensure our Platform is delivered as efficiently as possible. All sub-processors have undergone due diligence and a data protection impact assessment has been conducted. These are available upon request under a mutual non-disclosure agreement.

AWS hosts our Infrastructure (IAAS), Snowflake mirrors this environment and Pendo collects usernames and user behaviour, it does not collect any vulnerability data.