
IT GRC

Solid Foundation

We integrate in-depth with our IT GRC platform for information security management tasks.

Web 3.0 (includes AI)

Web 3.0 Security

Blockchain/Web3

Security Tools (Web3)
Systems

Privacy

  • Maintaining a register of personal data processing activities

  • GDPR, CCPA & other Privacy compliance mechanisms

  • Conducting DPIAs (data protection impact assessments)

  • Consent management

  • Management of data subject rights requests

  • Management of personal data breaches per processing activity

  • Risk assessment per project

  • Automatic risk identification from the knowledge base

  • Connection to the system of internal IT controls

  • Selection of controls from the knowledge base

  • Development of a catalog of IT services and processes (ITIL)

  • Support for conducting business impact analysis (BIA)

  • Knowledge base of controls and their mappings to known standards (ISO 27001:2013, ISO 27002:2013, ISO 22301:2019, COBIT, NIST, PCI DSS, CNB Decision, GDPR, Cyber Security Regulation)

  • Selection of KPI metrics for performance monitoring

  • Import of data from Excel and CSV

  • API for data entry (REST, JSON)

  • Print and export of all data to Excel, PDF and Word

Shopzyte IT GRC covers establishing a control environment, managing information risk as part of day-to-day operations, and checking compliance with the established control environment (Governance, Risk Management and Compliance).

Management

Defines the mechanisms used by the organization to ensure that everyone in the organization follows defined processes and policies/rules.

Risk Management

The process by which an organization sets an acceptable level of risk, analyzes and treats risks, and prioritizes them according to the organization's business objectives.

Asset Management

Creating a register of information assets

Compliance

A process that records and monitors the controls needed to ensure compliance with laws, regulatory obligations and internal policies/rules.

Information system from the knowledge base

Management of findings/vulnerabilities/non-compliances and recommendations

Interface and Integrations

Multi-user work

Security Overview

At Shopzyte, we don't just care about security to check boxes on a compliance form.

  • We are passionate about security.

  • It's part of our DNA, from the security options we provide for our users, to the rigorous security testing we do on our Detection System, to the core of our company culture.

  • Like the layers of the OSI model, each layer is important on its own, but also vital to the overall system.

Security in Our Software

In addition to providing you with configurable options for securing user accounts and access, we implement best-practices security for application design to prevent common attacks.

  • Two-Factor Authentication with Google Authenticator

  • One-way secure password hashing with bcrypt

  • Encrypted fields secured with AES-256 encryption via OpenSSL

  • Granular user-roles restricting access

  • Option to enforce HTTPS-only cookies

  • Cookie options for HTTPS-only and encryption

  • CSRF protection using form tokens

  • SQL injection prevention using prepared statements

  • Input validation and output sanitization to prevent XSS

  • Option to enforce password minimum requirements

  • Option to prevent common passwords

  • Brute force prevention on login attempts

  • Middleware to enforce X-Content-Type-Options: nosniff and X-Frame-Options: SAMEORIGIN

  • Middleware to enforce a Content Security Policy (CSP)

Security in Our Process

Automated security controls are critical to any software workflow to reduce the time from defect creation to defect detection. Our scans run on every code push, every time.

  • Static code analysis on every commit via Codacy and Sensiolabs

  • Automated blocking of dependencies with known security advisories

  • Continuous integration via our custom CI/CD tool

  • In-depth code reviews

Security in Our Platform

Software is only as secure as the system it runs on. We take a defense-in-depth approach to our server and network infrastructure. Customers on our hosted platform are secured through multiple layers of protection.

  • All connections secured via TLS 1.2 or higher

  • Best-practice security features such as firewalls and brute-force prevention

  • No multi-tenancy. Each customer has their own database.

  • Encrypted databases and drives

  • Customers are hosted in a data center in their own region

  • Enforced data retention policy of 3 years

  • Snapshots and individual data backups, tested regularly

  • Critical services are not accessible to the outside world

  • Code runs in tightly restricted domain environments

  • SSH access only via secure VPN from allow-listed IPs

  • IAM security profiles with two-factor authentication for our administrators

  • Detailed continuous system monitoring

  • We protect all email addresses and phone numbers on our sites and hide them from spambots

Security in Our Company

We know that humans are often the weakest link in the security chain, so we proactively educate our staff to identify potential threats, from sophisticated network attacks to social engineering and phishing attempts.

  • Well-established security policy reviewed quarterly

  • Ongoing technical security training for engineers

  • Security awareness training for all employees

Security (dev)

Your Data

Looking for Your Data Management?

Please visit our My Data (aka DSAR) Page LINK

SUPPORT

In order to resolve a complaint regarding the Site or to receive further information regarding use of the Site, please contact us at:

Support

Shopzyte (brand) by Lisaiceland (DBA)

Mailing Address (handled by our mail partner):

24600 Katy Fwy

Suite 834

Katy, TX 77494

United States

Please Note:

We respond within our 4-hour SLA.
