IT GRC

Solid Foundation

We integrate in-depth with our IT GRC platform for information security management tasks.

Web 3.0 (includes for AI)

Blockchain/Web3

Live Cyber Threat Map | Check Point

Privacy

• Keeping a register of records of personal data processing

• GDPR, CCPA & other Privacy compliance mechanisms

• Conducting DPIA analysis

Consent management

• Management of requests for exercising the rights of respondents

• Management of personal data breaches by processing

• Risk assessment by projects

• Automatic risk identification from the knowledge base

• Connection to the system of internal IT controls

• Selection of controls from the knowledge base

• Development of a catalog of IT services and processes (ITIL)

• Support for conducting BIA business impact analysis

• Knowledge base of controls and their connections with known standards (ISO 27001: 2013, ISO 27002: 2013, ISO 22301: 2019, CobiT, NIST, PCI DSS, CNB Decision, GDPR, Cyber Security Regulation)

• Selection of KPI metrics for performance monitoring

  • Import data from Excel, CSV

  • API for data entry (REST, JSON)

  • Print and export all data to Excel, PDF, Word

• Shopzyte IT GRC includes the processes of establishing a control environment, information risk management as part of day-to-day operations and checking compliance with the set control environment (Governance, Risk Management and Compliance).

Management

Defines the mechanisms used by the organization to ensure that everyone in the organization follows defined processes and policies/rules.

Risk Management

The process by which an organization sets an acceptable level of risk, analyzes and processes risks, and prioritizes them according to the organization's business objectives.

Asset Management

Creating a register of information assets

Compliance

A process that records and monitors the controls needed to ensure compliance with laws, regulatory obligations and internal policies/rules.

Information system from the knowledge base

Management of findings/vulnerabilities/non-compliances and recommendations

Interface and Integrations

Multi-user work

Security Overview

At Shopzyte, we don't just care about security to check boxes on a compliance form.

• We are passionate about security.

• It's part of our DNA, from the security options we provide for our users, to the rigorous security testing we do on our Detection System, to the core of our company culture.

• Like the layers of the OSI model, each layer is important on its own, but also vital to the overall system.

Software Security

In addition to providing you with configurable options for securing user accounts and access, we implement best-practices security for application design to prevent common attacks.

• Two-Factor Authentication with Google Authenticator

• One-way secure password hashing with bcrypt

• Encrypted fields secured via with AES-256 encryption via OpenSSL

• Granular user-roles restricting access

• Option to enforce HTTPS-only cookies

• Cookie options for Https only and encryption

• CSRF protection using form tokens

• SQL injection prevention using prepared statements

• Input validation and output sanitization to prevent XSS

• Option to enforce password minimum requirements

• Option to prevent common passwords

• Brute force prevention on login attempts

• Middleware to enforce nosniff and SAMEORIGIN X-Frame-Options

• Middleware to enforce a Content Security Policy (CSP)

Business Process Security

• Automated security controls are critical to any software workflow to reduce the amount of time from defect creation to defect detection. Our scans run on every code push, every time.

• Static code analysis on every commit via Codacy and Sensiolabs

• Automated blocking of dependencies with known security advisories

• Continuous integration via our custom CICD tool

• In-depth code reviews

HIPAA, SOC 1 & II & PCI DSS Extra Steps

• Data encryption: Protects healthcare information during storage and transmission

• Firewalls: Prevent unauthorized access to networks

• Electronic auditing systems: Require users to log in and create a record of their activity

• Third-party audits: Can help ensure compliance

• Regular daily backups: Ensure business continuity in case of database corruption or any occurrence of disaster

• User access restrictions: Limit access to authorized IP addresses or ranges

• Root access disablement: Closes a security backdoor and provides logs of user access

• User credential login caching disablement: Prevents previous users' IDs from being displayed when logging in

Platform Security

• Software is only as secure as the system it runs on. We take a defense-in-depth approach to our server and network infrastructure. Customers on our hosted platform are secured through multiple layers of protection.

• All connections secured via TLS 1.2 or higher

• Best-practice security features such as firewalls and brute-force prevention

• No multi-tenancy. Each customer has their own database.

• Encrypted databases and drives

• Customers are hosted in a data center in their own region

• Enforced data retention policy of 3 years

• Snapshots and individual data backups, tested regularly

• Critical services are not accessible to the outside world

• Code runs in tightly restricted domain environments

• SSH access through whitelisted IPs via secure VPN only

• IAM security profiles with two-factor authentication for our administrators

• Detailed continuous system monitoring

• We protect all email addresses and phone numbers on our sites and hide them from spambots

Company Security

We know that humans are often the weakest link in the security chain, so we proactively educate our staff to identify potential threats, from sophisticated network attacks to social engineering and phishing attempts.

• Well-established security policy reviewed quarterly

• Ongoing technical security training for engineers

• Security awareness training for all employees

Data Management?

In order to resolve any issues, complaints or suggestions regarding our websites, apps or to receive further information regarding use of our sites (the Site), please contact us at:

SUPPORT

• Shopzyte (brand) is part of Partnered Brands (brand) by Lisaiceland

• We respond within our SLA of 4 hours

• ALL Support is handled through our Support Portal

Help save lives in Gaza, Afghanistan, Sudan, and in 70+ countries

© Copyright 2024 Shopzyte (brand) Partnered Brands Marketplace Tools by Lisaiceland (DBA). Proudly made with 💞in the USA. An opensource partnered project that has AI with Blockchain, and a mainstay climate mitigation feature. All registrations and rights are protected and reserved worldwide.