Introduction
Advancing digitization is constantly presenting companies with new challenges and threats, especially when it comes to security issues. As a SaaS service provider, Smint.io must ensure the protection of our customers and their data, our trade secrets and, last but not least, our reputation.
That’s why security is one of our top priorities and why it is central to our company’s success. We integrate security aspects into all our business activities.
We rely on state-of-the-art security measures and adhere to best practices in order to continuously develop our robust and reliable security infrastructure.
We identify, assess and proactively address potential security risks. We rely on a combination of technical solutions, training for our employees and strict security policies. This allows us to ensure the security and integrity of our systems.
We define policies and measures, monitor compliance with them and demonstrate our security and compliance to external auditors every year.
Principles
Our policies are based on the following foundational principles:
Principle of least privilege
Access should be limited to only those with a legitimate business need.
Principle of consistency
Security controls should consistently be applied across all areas of the company.
Principle of defense-in-depth
Multiple layers of security controls should create redundancies if individual measures fail.
Principle of gradual implementation
The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
Security
Information security program
An information security program designed to protect the security, integrity, and confidentiality of the system and its information has been developed and implemented, and is maintained.
Risk assessments
Risk assessments are performed for both internal and external threats to the system and its information.
Development processes
Development processes have been designed and implemented, and are maintained, to detect security issues that may occur during the software development lifecycle.
Security assessments
Regular security assessments are performed.
Penetration tests, vulnerability scans
Regular penetration tests and vulnerability scans are performed.
Access control
Data processing systems are secured and protected from unauthorized access, e.g. by the use of phishing-resistant authentication factors, or by carefully managing employees' access to applications and data.
Security education
Our employees receive extensive security training during onboarding and through regular educational courses. The courses cover the current threat landscape, attack vectors, and important principles of security.
Endpoint protection
All company devices are centrally managed and are equipped with mobile device management software and anti-malware protection.
Protection of customer data
Data protection is a top priority for us – we strive to handle all sensitive data in a trustworthy manner.
Customer data is secured and protected from unauthorized access, use, modification, disclosure, destruction or loss.
This includes encrypting customer data at rest, and using secure and encrypted protocols to transfer data between our services, or between our services and our users.
Regular system updates
Our systems are regularly updated to close security vulnerabilities.
Management of incidents
Security incidents and events are identified and remediated.
Privacy
Naturally, data privacy is very important for us, as Smint.io is a company based in the European Union.
We maintain compliance with the EU General Data Protection Regulation (GDPR). You can find more information about that in our Privacy Policy.
Conclusion
In addition, we are committed to complying with all legal and regulatory requirements related to security.
We take our responsibility seriously and continuously invest in improving our security infrastructure.
We also recognize that security is a dynamic field and the threat landscape is constantly changing. Therefore, we always remain vigilant and react quickly to new challenges. We promote a safety culture in which every employee is aware of risks and helps to protect our systems.
This is how we ensure that we live up to the highest standards. We firmly believe that a high level of security forms the basis for growth, innovation and long-term success.
Our customers and partners can trust that we treat and protect their data and information with the utmost care.