euquista Contact

Security Protocol

Introduction

Purpose

The purpose of this security protocol is to establish a framework for safeguarding euquista’s digital and physical assets. It outlines the necessary policies, procedures, and guidelines to protect sensitive information, prevent unauthorized access, and ensure the confidentiality, integrity, and availability of euquista’s data and systems, as well as the data of our customers in collaborative contexts. By implementing and adhering to this security protocol, euquista aims to minimize the risk of security incidents, maintain compliance with applicable laws and regulations, and foster a culture of security awareness among all involved.

Scope

This security protocol applies to all euquista employees, contractors, advisors, and third-party vendors (hereafter called “individuals”) who access, process, or store our data and systems. It encompasses all hardware, software, and data storage devices owned, processed, or operated by euquista, extending to remote access, mobile devices, and cloud-based services.

Roles and responsibilities

Individuals are responsible for adhering to this security protocol and ensuring that their actions do not compromise the security of euquista’s data and systems. This introduction sets the foundation for euquista’s security protocol.

Security contact

For questions or to report an issue, please reach out to:

  • +32 498 12 10 20

Physical security

Access control

  • Lost or stolen access credentials (such as physical keys or keycards) must be reported immediately to the security contact, and corresponding access rights must be revoked or updated as needed.
  • Any suspicious activity or unauthorized access attempts must be reported to the security contact immediately.

Visitor management

  • Visitors must be escorted at all times while in non-public areas (e.g., the office area).

Security of physical documents

  • Access to sensitive documents must be limited to authorized persons.
  • When disposing of sensitive documents, shredders or secure disposal bins should be used.
  • Individuals must not leave sensitive documents unattended in public areas or on desks overnight.

Digital security

Compliance audits

  • Regular compliance audits will be conducted to verify that individuals adhere to this security protocol. These audits will include checks on device security, password management, access control, and adherence to data handling procedures.
  • Audits will be conducted at least biannually, and corrective actions will be taken if any non-compliance is identified.

Password and authentication policies

  • Individuals must use unique and strong passwords (preferably long and complex for better security) for each of their accounts and devices.
  • Multi-factor authentication (MFA) must be enabled for all applications that support it and enforced as much as possible.
  • Password sharing is strictly prohibited.
  • Individuals should never write down their passwords or store them in an unsecured manner (e.g., in a shared document or drive) and should use a password manager.
  • Devices must be locked when not in use to prevent unauthorized access.

Data handling procedures

  • Data encryption should be implemented for sensitive data, both at rest and in transit.
  • Only Google Drive is to be used for storing and sharing data, as it is configured in line with this security protocol and provides strong encryption and access control features. Ensure that access control protocols are followed, such as limiting shared access to authorized individuals only and using restricted permissions where appropriate.

Encryption protocols for data storage and transmission

  • Secure communication protocols, such as HTTPS, SSL/TLS, or VPN, must be used when transmitting sensitive data over the internet.
  • Individuals must not transmit sensitive data through unsecured or personal email accounts.

Secure disposal of electronic devices and data storage media

  • When disposing of or recycling electronic devices and storage media, all sensitive data must be securely wiped or destroyed to prevent unauthorized access.
  • Hard drives, USB drives, and other storage media must be either physically destroyed or securely erased.

Device policies

  • Full disk encryption should be applied on all computers (e.g., BitLocker on Windows and FileVault on Mac).
  • Mobile devices must be protected with a passcode and biometric authentication.
  • Software updates must be applied promptly to all devices, ideally within 14 days of release or as soon as possible for critical updates.
  • Lost or stolen mobile devices must be reported immediately, and appropriate measures should be taken to remotely wipe the device or revoke access privileges.

Email and communication security

  • Be vigilant against phishing attempts and verify the authenticity of emails before clicking on links or opening attachments. If possible, avoid clicking on email links entirely, and manually navigate to the intended destination.

Reporting and responding to security incidents

  • Individuals have a responsibility to report any security incidents or potential threats to the security contact immediately.
  • Euquista will investigate all reported incidents, assess the situation, and take appropriate actions to address the issue. The security protocol will be updated based on lessons learned.

Software development-specific security protocols

Automated testing

  • We use automated tests, including unit tests, integration tests, and end-to-end tests, to minimize bugs and maximize application security, ensuring that potential issues are caught early and resolved before deployment.

Secure coding standards

  • Developers must demonstrate familiarity with secure coding practices outlined in the OWASP Top Ten to prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS), and buffer overflows.
  • Code must undergo regular peer reviews to identify potential vulnerabilities and ensure adherence to secure coding standards.

Environment and version management

  • Development, staging, and production environments must be separated to prevent cross-contamination and ensure each environment’s security. No access to production data should be granted unless it has been anonymized.
  • We use Git as our version control system to track changes, manage releases, and enable rollbacks when necessary. Git is configured with branch protection rules, access control, and mandatory code reviews to ensure the security and integrity of our codebase.

Access control for code repositories

  • Access to code repositories must be limited to authorized personnel only, based on the principle of least privilege. Roles and specific access levels are defined to ensure that individuals have only the permissions necessary to perform their tasks effectively.
  • Developers must use SSH keys or other secure authentication mechanisms to access code repositories.

Dependency management

  • All third-party libraries and dependencies must be managed and monitored to identify known vulnerabilities.
  • We use automated tools for dependency checking to ensure third-party code remains secure.

API security

  • All APIs must be secured using standard authentication and authorization protocols, such as OAuth2.
  • Data exposed by APIs must be limited to the minimum required, and sensitive data should be properly encrypted.

Incident response for software development

  • In case of a software-related security incident, the incident must be reported to the security contact immediately.
  • A root cause analysis will be conducted for each incident to prevent recurrence, and all findings will be documented.
Prev
Companies that inspired us
Next
Privacy Policy