Introduction

At Spherity, we prioritize the security and privacy of our customers' data and the systems we develop. The management and protection of information assets is one of Spherity’s most important challenges. Information management has been identified as an essential value of Spherity’s business operations. This document outlines our commitment to maintaining the highest level of security in our software solutions, the measures we employ to protect sensitive information, and our ongoing efforts to stay up-to-date with industry best practices.

Scope

This security document applies to any of Spherity’s apps and services used in production.

Security Principles

Confidentiality

We safeguard the confidentiality of our customers' data by implementing strong access controls and encryption techniques to prevent unauthorized access.

Integrity

We maintain the integrity of our software by employing secure coding practices, performing regular vulnerability assessments, and promptly addressing any identified issues to prevent data tampering or unauthorized modifications.

Further, we implement comprehensive, revision-proof audit logging for relevant write, delete, and administrative operations. These logs include timestamps and user identity to ensure full traceability.

Availability

We ensure high availability and resilience of our software by employing a multi-tenant architecture with strict tenant isolation and a redundant hosting infrastructure designed across multiple availability zones (Multi-AZ). We conduct daily encrypted backups with a 10-day retention period and maintain a Business Continuity and Disaster Recovery Plan with target recovery objectives of RPO < 24h and RTO < 4h.

Privacy

We respect and protect the privacy of our customers' data by adhering to applicable data protection regulations and industry best practices.

Security Measures

Secure Development Practices

Our software development team follows industry-standard secure coding policies. Appropriate policies, standards, and documentation are taken into account to ensure a secure development process and to give development teams clear guidelines to follow. To further increase our applications’ security, Spherity’s policies pay special attention to eliminating attack vectors in our applications and follow the guidelines and recommendations of the Open Web Application Security Project (OWASP).

User Authentication and Access Control

We implement secure user authentication mechanisms, such as strong password policies, multi-factor authentication (MFA), and role-based access controls (RBAC), to ensure that only authorized individuals can access sensitive information.

Furthermore, physical protection of the infrastructure is ensured by certified data center operators through rigorous controls, including mandatory identification, video surveillance, and perimeter protection.