IT GRC
Last updated
Solid Foundation
We integrate in-depth with our IT GRC platform for information security management tasks.
Shopzyte IT GRC covers the three processes the acronym names (Governance, Risk Management and Compliance): establishing a control environment, managing information risk as part of day-to-day operations, and checking that the organization actually complies with the control environment it has set.
Governance
Defines the mechanisms the organization uses to ensure that everyone in it follows the defined processes and policies/rules.
Risk Management
The process by which an organization sets an acceptable level of risk, identifies, analyzes and treats risks, and prioritizes them according to the organization's business objectives.
Asset Management
Creating a register of information assets
Compliance
A process that records and monitors the controls needed to ensure compliance with laws, regulatory obligations and internal policies/rules.
Information system from the knowledge base
Management of findings/vulnerabilities/non-compliances and recommendations
Interface and Integrations
Multi-user work
Security Overview
At Shopzyte, we don't just care about security to check boxes on a compliance form.
We are passionate about security.
It's part of our DNA, from the security options we provide for our users, to the rigorous security testing we do on our Detection System, to the core of our company culture.
Like the layers of the OSI model, each layer is important on its own, but also vital to the overall system.
In addition to providing you with configurable options for securing user accounts and access, we implement best-practices security for application design to prevent common attacks.
Two-Factor Authentication with Google Authenticator
One-way secure password hashing with bcrypt
Encrypted fields secured with AES-256 encryption via OpenSSL
Granular user-roles restricting access
Option to enforce Secure (HTTPS-only) cookies and to encrypt cookie contents
CSRF protection using form tokens
SQL injection prevention using prepared statements
Input validation and context-aware output encoding/sanitization to prevent XSS
Option to enforce password minimum requirements
Option to prevent common passwords
Brute force prevention on login attempts
Middleware to enforce X-Content-Type-Options: nosniff and X-Frame-Options: SAMEORIGIN
Middleware to enforce a Content Security Policy (CSP)
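The response-hardening items in the list above (HTTPS-only cookies, nosniff, SAMEORIGIN, a Content Security Policy) are commonly implemented as one middleware that sits between the web server and the application. The block below is an added example, not Shopzyte's code: a WSGI middleware that enforces those three headers on every response (replacing any weaker value the application set) and rewrites Set-Cookie headers so that cookies carry Secure, HttpOnly and SameSite. The policy string, the inner demo app and the cookie name are assumptions chosen for the example.

```python
"""Added example (not Shopzyte's code): WSGI middleware enforcing response headers
and cookie attributes.  The CSP, the inner app and the cookie are demo assumptions."""
from typing import Callable, List, Tuple

Headers = List[Tuple[str, str]]

# Hypothetical default policy: same-origin resources only, no inline script, no plugins,
# and framing limited to the same origin (frame-ancestors mirrors X-Frame-Options).
DEFAULT_CSP = ("default-src 'self'; script-src 'self'; object-src 'none'; "
               "frame-ancestors 'self'")

SECURITY_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": DEFAULT_CSP,
}


def harden_cookie(value: str) -> str:
    """Append Secure, HttpOnly and SameSite=Lax to a Set-Cookie value when absent.
    Attributes the application already set are left as they are."""
    attrs = [a.strip() for a in value.split(";") if a.strip()]
    present = {a.split("=", 1)[0].lower() for a in attrs[1:]}
    if "secure" not in present:
        attrs.append("Secure")          # browser sends the cookie over HTTPS only
    if "httponly" not in present:
        attrs.append("HttpOnly")        # not readable from JavaScript (limits XSS impact)
    if "samesite" not in present:
        attrs.append("SameSite=Lax")    # not sent on cross-site POSTs (limits CSRF)
    return "; ".join(attrs)


def harden_headers(headers: Headers, csp: str = DEFAULT_CSP) -> Headers:
    """Return a new header list with the security headers enforced and cookies hardened.
    Application-supplied values for the enforced headers are dropped, not merged, so a
    handler cannot weaken the policy (e.g. X-Frame-Options: ALLOWALL)."""
    enforced = dict(SECURITY_HEADERS)
    enforced["Content-Security-Policy"] = csp
    enforced_names = {k.lower() for k in enforced}
    out: Headers = []
    for name, value in headers:
        lname = name.lower()
        if lname in enforced_names:
            continue
        if lname == "set-cookie":
            value = harden_cookie(value)
        out.append((name, value))
    out.extend(enforced.items())
    return out


class SecurityHeadersMiddleware:
    """Wraps any WSGI app; every start_response call goes through harden_headers."""

    def __init__(self, app: Callable, csp: str = DEFAULT_CSP):
        self.app = app
        self.csp = csp

    def __call__(self, environ, start_response):
        def _start_response(status, headers, exc_info=None):
            return start_response(status, harden_headers(headers, self.csp), exc_info)
        return self.app(environ, _start_response)


# Constructed inner app: sets a session cookie with no protective attributes at all.
def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Set-Cookie", "session=abc123; Path=/")])
    return [b"<html>ok</html>"]


def run_demo() -> Headers:
    """Push one request through the wrapped demo app and return the final headers."""
    captured: Headers = []

    def start_response(status, headers, exc_info=None):
        captured.extend(headers)

    list(SecurityHeadersMiddleware(demo_app)({}, start_response))
    return captured


if __name__ == "__main__":
    for name, value in run_demo():
        print(f"{name}: {value}")
```

The order matters: cookie attributes are only appended when missing, so an application that deliberately sets SameSite=Strict keeps it, while the three headers are always replaced because a weaker application-set value is exactly the failure this middleware exists to prevent.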
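The account-protection items in the same list (one-way password hashing, minimum password requirements, a common-password check and brute-force prevention on login) fit together in one login flow. The block below is an added example, not Shopzyte's code, showing how those controls interact: a password is rejected unless it meets the policy and is absent from a denylist, it is stored only as a salted one-way hash, and repeated failures lock the account for a cooling-off period. Assumptions: hashlib.pbkdf2_hmac from the standard library stands in for bcrypt (which needs a third-party package), the policy numbers are demo values, and the denylist is a constructed five-entry stub rather than a real breached-password list.

```python
"""Added example (not Shopzyte's code): password policy, common-password check,
salted one-way hashing and brute-force lockout in one login service.
PBKDF2-HMAC-SHA256 replaces bcrypt here; the numbers and denylist are demo values."""
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

MIN_LENGTH = 12                     # demo policy values
MAX_FAILURES = 5
LOCKOUT_SECONDS = 900
PBKDF2_ROUNDS = 100_000             # kept low for the demo; tune upward in production
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123"}  # constructed stub


def check_password_policy(password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password) or not re.search(r"[a-z]", password):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"\d", password):
        problems.append("needs a digit")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted one-way hash, self-describing so the parameters can be raised later."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time comparison


@dataclass
class Account:
    username: str
    password_hash: str
    failures: int = 0
    locked_until: float = 0.0


class LoginService:
    def __init__(self, clock: Callable[[], float] = time.time):
        self.accounts: Dict[str, Account] = {}
        self.clock = clock              # injectable so lockout expiry can be tested

    def register(self, username: str, password: str) -> None:
        problems = check_password_policy(password)
        if problems:
            raise ValueError("weak password: " + "; ".join(problems))
        self.accounts[username] = Account(username, hash_password(password))

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'.  Unknown users also get 'denied', after a
        dummy hash, so neither the response nor its timing reveals which usernames exist."""
        acct = self.accounts.get(username)
        now = self.clock()
        if acct is None:
            hash_password(password)
            return "denied"
        if now < acct.locked_until:
            return "locked"              # refused even if the password is right
        if verify_password(password, acct.password_hash):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "Correct-Horse-42")
    print([svc.login("alice", "wrong-guess") for _ in range(MAX_FAILURES)])
```

Two design points worth noting: the lockout is per account, so it throttles an attacker guessing one user's password but not a credential-stuffing run across many users (that needs a per-source-IP limit as well), and a locked account refuses even the correct password until the window expires, which is what stops the attacker from simply continuing.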
Automated security controls are critical to any software workflow to reduce the amount of time from defect creation to defect detection. Our scans run on every code push, every time.
Static code analysis on every commit via Codacy and Sensiolabs
Automated blocking of dependencies with known security advisories
Continuous integration via our custom CICD tool
In-depth code reviews
Data encryption: Protects healthcare information at rest and in transit
Firewalls: Prevent unauthorized access to networks
Electronic auditing systems: Require users to log in and create a record of their activity
Third-party audits: Can help ensure compliance
Regular daily backups: Ensure business continuity in case of database corruption or other disaster
User access restrictions: Limit access to authorized IP addresses or ranges
Root access disablement: Removes a shared, unattributable login path, so every administrative action is logged against a named user account
User credential login caching disablement: Prevents previous users' IDs from being displayed when logging in
Software is only as secure as the system it runs on. We take a defense-in-depth approach to our server and network infrastructure. Customers on our hosted platform are secured through multiple layers of protection.
All connections secured via TLS 1.2 or higher
Best-practice security features such as firewalls and brute-force prevention
No multi-tenancy. Each customer has their own database.
Encrypted databases and drives
Customers are hosted in a data center in their own region
Enforced data retention policy of 3 years
Snapshots and individual data backups, tested regularly
Critical services are not accessible to the outside world
Code runs in tightly restricted domain environments
SSH access only from allow-listed IP addresses, and only over the VPN
IAM security profiles with two-factor authentication for our administrators
Detailed continuous system monitoring
We protect all email addresses and phone numbers on our sites and hide them from spambots
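Two of the server controls above, "Root access disablement" in the earlier list and "SSH access only from allow-listed IP addresses over the VPN" in this one, are settings an operator can verify rather than take on trust. The block below is an added example, not Shopzyte's tooling: it parses the global section of an OpenSSH server configuration and reports any deviation from that policy. Assumptions: the VPN hands out addresses in 10.8.0.0/24 (a hypothetical subnet), and both sample configurations are constructed for the demo, not taken from a real host.

```python
"""Added example (not Shopzyte's code): audit an sshd_config for root-login disablement,
key-only authentication and VPN-only reachability.  The VPN subnet is hypothetical
and the sample configs are constructed."""
import ipaddress
from typing import Dict, List

VPN_NETWORK = ipaddress.ip_network("10.8.0.0/24")   # hypothetical VPN address range


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Collect keyword -> values from the global section, keywords lower-cased.
    Parsing stops at the first Match block: sshd applies those settings conditionally,
    so they cannot be relied on for a global requirement (and may silently weaken one)."""
    values: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        values.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return values


def within_vpn(host: str) -> bool:
    """True if host is an address or CIDR block inside VPN_NETWORK.
    Wildcard patterns such as 10.8.0.* are not parsed and therefore fail the check."""
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False
    return net.subnet_of(VPN_NETWORK)


def audit_sshd_config(text: str) -> List[str]:
    """Return the list of policy failures; an empty list means the config passes."""
    cfg = parse_sshd_config(text)
    failures = []
    # sshd honours the first occurrence of a keyword, hence index 0.
    # The OpenSSH default for PermitRootLogin is prohibit-password, which still != no.
    if cfg.get("permitrootlogin", ["prohibit-password"])[0].lower() != "no":
        failures.append("PermitRootLogin must be 'no'")
    if cfg.get("passwordauthentication", ["yes"])[0].lower() != "no":
        failures.append("PasswordAuthentication must be 'no' (key-based auth only)")
    listen = cfg.get("listenaddress", [])
    if not listen:
        failures.append("ListenAddress missing: sshd listens on all interfaces by default")
    for addr in listen:
        host = addr.split(":")[0] if addr.count(":") == 1 else addr   # strip IPv4 :port
        if not within_vpn(host):
            failures.append(f"ListenAddress {addr} is not on the VPN interface")
    # AllowUsers entries of the form user@CIDR pin each login to a source network.
    allow = [entry for value in cfg.get("allowusers", []) for entry in value.split()]
    if not allow:
        failures.append("AllowUsers missing: any account with a key can log in")
    for entry in allow:
        _, _, host = entry.partition("@")
        if not host or not within_vpn(host):
            failures.append(f"AllowUsers entry '{entry}' is not pinned to the VPN network")
    return failures


# Constructed sample: meets the policy.
HARDENED_SAMPLE = """
Port 22
ListenAddress 10.8.0.1
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers ops@10.8.0.0/24 oncall@10.8.0.17
"""

# Constructed sample: roughly what a stock installation looks like.
WEAK_SAMPLE = """
#PermitRootLogin prohibit-password
PasswordAuthentication yes
AllowUsers ops
"""

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED_SAMPLE), ("weak", WEAK_SAMPLE)):
        print(name, audit_sshd_config(sample) or "OK")
```

The audit deliberately treats an absent keyword as the OpenSSH default rather than as a pass, and stops at the first Match block: a global PasswordAuthentication no followed by a Match block that turns it back on for one user is a real configuration, and a tool that read the whole file as one flat key/value map would report it as compliant.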
We know that humans are often the weakest link in the security chain, so we proactively educate our staff to identify potential threats, from sophisticated network attacks to social engineering and phishing attempts.
Well-established security policy reviewed quarterly
Ongoing technical security training for engineers
Security awareness training for all employees
To resolve any issues, complaints or suggestions regarding our websites or apps, or to receive further information about use of our sites (the Site), please contact us at:
Shopzyte (brand) is part of Partnered Brands (brand) by Lisaiceland
We respond within our SLA of 4 hours
All support is handled through our Support Portal
© Copyright 2024 Shopzyte (brand) Partnered Brand Marketplace Tools by Lisaiceland (DBA). Proudly made with 💞 in the USA. An open-source partnered project that combines AI with blockchain and includes a climate mitigation feature. All registrations and rights are protected and reserved worldwide.