Information Security Policy
Cascadeo maintains an Information Security policy that employees agree upon that state responsibilities and policies of system resources. This policy covers a variety of topics and is updated and training is routinely given to the staff. Some of the highlighted policies include:
- Systems and procedures for storing and sharing passwords
- Physical access to offices and equipment
- Compute and mobile device security
- Department specific security considerations
Built with a Secure Partners
Cascadeo services are built on popular cloud infrastructure providers which is secured and certified at many levels.
- Certifications with many programs – ISO 9001, ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC3 FISMA and may more.
- Built-in methods in services for encryption data-at-rest and data-in-transit
- Monitoring and Logging tools
- Access and Identity controls with multi-factor authentication
Cascadeo holds the AWS Managed Services APN Partner Certification which is audited by a 3rd party and includes and extensive list of security requirements. You can lean more about the Managed Services Certification here. Items included in the audit:
- Confirmation of established security policies to protect from attacks
- Access management policies and procedures
- Routine testing and review of security posture
Least Privileged Access
Cascadeo only asks for and shares with the team the minimal access needed to get the job done. This applies to all products and services including:
- Cascadeo’s Managed Services Platform for accessing your cloud to monitoring and gather information.
- Cascadeo’s NOC to support your running infrastructure to keep things running optimally.
- Cascadeo’s Professional Services to assess and build a best practices environment.
Encryption at Rest. We take advantage of our partner tools to provide encryption-at-rest. Our database uses AWS DynamoDB’s built in feature encryption tool using AES 256 key encryption. We also use Auth0, an industry standard, for user database and authentication and take advantage of their encryption standards.
Encryption in Transit. Cascadeo communication are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks.