Cymonix is constantly expanding security and compliance initiatives to support our customers
Security
Our platform is constructed with security seamlessly integrated into every phase of the software development lifecycle. Employing stringent operational security measures, including penetration testing, vulnerability assessments, and robust internal access controls, we prioritize the safety of your data. Our commitment to transparency is paramount—we openly disclose our operational practices and collaborate closely with our customers and partners to fulfill their specific security requirements.
Organizational
Security is foundational from day one, and we consider it a collective responsibility. All team members undergo comprehensive security, privacy, and compliance training upon joining to safeguard both Cymonix and customer data. Our Information Security team imparts continuous knowledge and skills to mitigate security risks through an ongoing security training and awareness program.
This commitment extends to our leadership, where the Executive Leadership Team, comprising executives from various functions, spearheads alignment and ensures that security awareness permeates the organization. Cymonix rigorously screens all employees before hiring, leveraging third-party experts to conduct background checks encompassing criminal, education, employment, financial, and, when applicable, drug screening.
Software Development Lifecycle
Cymonix employs a comprehensive software development lifecycle (SDLC) that prioritizes security at every stage, from initial feature requests to ongoing production monitoring. Our approach is fortified by specialized tooling designed to meticulously trace features through the lifecycle. We conduct automatic security scans on systems, libraries, and code, coupled with automated vulnerability tracking. All code undergoes scrutiny within a source control system, mandating single sign-on with multifactor authentication and featuring granular permissions. Prior to code merge, approval is requisite from functional engineering owners in each affected area, and all code is subjected to peer review.
Our commitment to quality is evident through a series of checks, including unit tests and end-to-end tests, performed at key junctures of the SDLC such as code merge, post-code merge, release, and in production. The testing regimen spans unit and regression tests, integration tests across diverse platforms and systems, chaos and stress testing, alongside comprehensive performance benchmarking.
Business Continuity
We have developed and consistently uphold disaster recovery and business continuity plans to ensure the reliability and recoverability of Cymonix software. Our resilience testing spans multiple cloud providers, and we rigorously implement and test backup and restore procedures to fortify our preparedness.
Vulnerability Assessments & Management
Identifying and promptly addressing vulnerable software is a paramount responsibility for any software or service provider, whether the vulnerability lies in the provider's own codebase or in the software dependencies it relies on. We approach this duty with the utmost seriousness and furnish details about our remediation timelines in our Support Policy.
Network Security
We enforce proactive security measures, including perimeter defense and network intrusion prevention systems. Regular assessments and penetration testing of the Cymonix network infrastructure are diligently carried out, with evaluations conducted by both internal Cymonix resources and third-party security professionals.
Vulnerability & Penetration Testing
Internally, we leverage widely recognised security scanning tools to detect vulnerabilities within the platform. Cymonix also enlists the services of third-party providers to assess our public-facing internet sites and pinpoint potential risks. Any Severity-0 vulnerabilities, particularly those actively exploited, are addressed with the utmost urgency, taking precedence over all other rollouts. Furthermore, we collaborate with external entities to conduct penetration testing on both our network infrastructure and applications.
Incident Management
We’ve established a comprehensive security incident response plan encompassing all facets of the Cymonix team, including CloudOps, Development, Support, Legal, Finance, and Executives. For any security-related inquiries, customers are encouraged to contact support@cymonix.com.
Cloud Architecture
Our cloud architecture is meticulously crafted to segregate and limit data access in alignment with individual customer requirements. The cloud environment utilized by Cymonix ensures logical data separation and enforces role-based access privileges, all managed at a customer-specific level. Furthermore, production and testing environments are kept distinctly separated.