IT GRC
Solid Foundation
We integrate in-depth with our IT GRC platform for information security management tasks.
Web 3.0 (also covers AI)
Web 3.0 Security
Blockchain/Web3
Security Tools (Web3)
Privacy
Maintaining a register of records of personal data processing activities
GDPR, CCPA & other privacy compliance mechanisms
Conducting Data Protection Impact Assessments (DPIA)
Consent management
Management of requests from data subjects exercising their rights
Management of personal data breaches per processing activity
Risk assessment per project
Automatic risk identification from the knowledge base
Connection to the system of internal IT controls
Selection of controls from the knowledge base
Development of a catalog of IT services and processes (ITIL)
Support for conducting business impact analysis (BIA)
Knowledge base of controls and their mapping to known standards (ISO 27001:2013, ISO 27002:2013, ISO 22301:2019, COBIT, NIST, PCI DSS, CNB Decision, GDPR, Cyber Security Regulation)
Selection of KPI metrics for performance monitoring
Import data from Excel, CSV
API for data entry (REST, JSON)
Print and export all data to Excel, PDF, Word
Shopzyte IT GRC includes the processes of establishing a control environment, information risk management as part of day-to-day operations and checking compliance with the set control environment (Governance, Risk Management and Compliance).
Management
Defines the mechanisms used by the organization to ensure that everyone in the organization follows defined processes and policies/rules.
Risk Management
The process by which an organization sets an acceptable level of risk, analyzes and processes risks, and prioritizes them according to the organization's business objectives.
Asset Management
Creating a register of information assets
Compliance
A process that records and monitors the controls needed to ensure compliance with laws, regulatory obligations and internal policies/rules.
Information system inventory built from the knowledge base
Management of findings/vulnerabilities/non-compliances and recommendations
Interface and Integrations
Multi-user work
Security Overview
At Shopzyte, we don't just care about security to check boxes on a compliance form.
We are passionate about security.
It's part of our DNA, from the security options we provide for our users, to the rigorous security testing we do on our Detection System, to the core of our company culture.
Like the layers of the OSI model, each layer is important on its own, but also vital to the overall system.
Security in Our Software
In addition to providing you with configurable options for securing user accounts and access, we implement best-practices security for application design to prevent common attacks.
Two-Factor Authentication with Google Authenticator
One-way secure password hashing with bcrypt
Encrypted fields secured with AES-256 encryption via OpenSSL
Granular user-roles restricting access
Option to enforce HTTPS-only (Secure flag) cookies
Cookie options for HTTPS-only transmission and encryption
CSRF protection using form tokens
SQL injection prevention using prepared statements
Input validation and output sanitization to prevent XSS
Option to enforce password minimum requirements
Option to prevent common passwords
Brute force prevention on login attempts
Middleware to enforce X-Content-Type-Options: nosniff and X-Frame-Options: SAMEORIGIN headers
Middleware to enforce a Content Security Policy (CSP)
Security in Our Process
Automated security controls are critical to any software workflow to reduce the amount of time from defect creation to defect detection. Our scans run on every code push, every time.
Static code analysis on every commit via Codacy and Sensiolabs
Automated blocking of dependencies with known security advisories
Continuous integration via our custom CI/CD tool
In-depth code reviews
Security in Our Platform
Software is only as secure as the system it runs on. We take a defense-in-depth approach to our server and network infrastructure. Customers on our hosted platform are secured through multiple layers of protection.
All connections secured via TLS 1.2 or higher
Best-practice security features such as firewalls and brute-force prevention
No multi-tenancy. Each customer has their own database.
Encrypted databases and drives
Customers are hosted in a data center in their own region
Enforced data retention policy of 3 years
Snapshots and individual data backups, tested regularly
Critical services are not accessible to the outside world
Code runs in tightly restricted domain environments
SSH access through whitelisted IPs via secure VPN only
IAM security profiles with two-factor authentication for our administrators
Detailed continuous system monitoring
We protect all email addresses and phone numbers on our sites and hide them from spambots
Security in Our Company
We know that humans are often the weakest link in the security chain, so we proactively educate our staff to identify potential threats, from sophisticated network attacks to social engineering and phishing attempts.
Well-established security policy reviewed quarterly
Ongoing technical security training for engineers
Security awareness training for all employees
Your Data
Looking to manage your data?
Please visit our My Data (aka DSAR) Page LINK
SUPPORT
In order to resolve a complaint regarding the Site or to receive further information regarding use of the Site, please contact us at:
Support
Shopzyte (brand) by Lisaiceland (DBA)
Mailing Address (handled by our mail partner):
24600 Katy Fwy
Suite 834
Katy, TX 77494
United States
Please Note:
We respond within our SLA of 4 hours