Security best practices

We conduct extensive security-design reviews and regular penetration tests. All employees and contractors complete security training, including topics like information security, data privacy, and password security. They also sign a confidentiality agreement before working for Nalpeiron.

Our approach will always be to provision on a 'need-to-know' basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Zentitle2 environment, are permitted access to our production environment. SSH keys and credentials are rotated regularly, and 2-factor authentication is enforced whenever possible.

Application Security (SAST)

We use advanced code scanning and cloud vulnerability assessments to identify potential problems before deployment. We continuously scan our containers and dependencies for known vulnerabilities to improve our security posture.

Cybersecurity Reports

We can generate reports that can be used as part of your cybersecurity assessment. The documents include SBOM (Software Bill of Materials) and SAST (Static Application Security Testing) reports; SAST is performed automatically on all production repositories and Docker containers, and these reports form part of our Software Development Lifecycle.

To request the latest Nalpeiron security audit report, follow the Help menu in Zentitle2, where you can create a Support Ticket and ask for a secure link to the latest reports.

In addition to our internal testing, we hire an external firm each year to conduct penetration testing at the network and application levels. We use Drata risk assessment tools to run regular internal audits.
