Sophus controls
As part of our security program, Sophus has implemented a range of controls to maintain compliance.
Product Security (7)
Production System User Review
Awareness for Incidents
response actions in accordance with established incident management policies and procedures.
Vulnerability Remediation Process
Centralized Management of Flaw Remediation
Audit Logging
Data Security
- All stored data (including databases and attachments) is encrypted using AES-256-bit encryption, with
encryption keys managed through AWS services and rotated annually. - All data transmitted over networks is encrypted using HTTPS with TLS 1.2 or later.
Single Sign-On
Data Security (16)
Identity Validation
Termination of Employment
Production Database Access Restriction
Multi-Factor Authentication
User Privileges Reviews
User Access Reviews
Encryption of Data at Rest
Infrastructure Asset Inventory
Data Backups
Reliability and Integrity Testing
User Consent and Compliance
Data Subject Access Requests
Backup Implementation
Data Encryption at Rest
Data Encryption in Transit
Physical Security Measures
Network Security (9)
Impact Analysis
Network Connection Restrictions
External System Connections
Confidentiality in Data Transmission
Anomalous Behavior Detection
Capacity & Performance Monitoring
Protection of Data in Non-Production Environments
Centralized Security Event Logging
Virtual Private Cloud Implementation
Application Security (7)
Privacy Notice Accessibility
Secure System Modifications
Change Approval Procedures
Unauthorized Activity Monitoring
Code Analysis & Vulnerability Detection
Secure Software Development Life Cycle
Patch & Vulnerability Management
Corporate Security (8)
Code of Business Conduct
Sophus maintains a well-documented policy outlining behavioral standards and ethical business practices.
Organizational Structure & Governance
Sophus implements a structured framework to define authorities, facilitate information flow, and assign responsibilities.
Clear Roles & Responsibilities
Sophus establishes transparent communication procedures to ensure staff understand their security-related responsibilities.
Competency-Based Hiring
Sophus ensures that security-sensitive positions are staffed with appropriately qualified professionals.
Personnel Security Screening
Sophus conducts security screenings prior to granting personnel access to critical systems.
Security & Privacy Training
Sophus provides role-specific security and privacy awareness training to all staff.
Performance Evaluations
Sophus assesses employees in IT, engineering, and security roles based on their responsibilities and contributions.
Incident Response Training
Sophus ensures all employees are educated on incident response protocols, covering triage, containment, eradication, and recovery procedures.
