Envipco takes security and privacy to the forefront of our products and applications to ensure that our customer’s information is always safe. With cutting-edge information security technology and an experienced security team, we are leading the way in the industry.
Our security policies are based on six guiding philosophies:
1. Only give keys to people who need them.
Systems access should be based on the principle of least privilege and limited to only those with a legitimate business need. We check and double check to make sure that all access granted is required.
2. If one wall is good, two is better!
Security controls should be implemented and layered in accordance with the defense-in-depth approach. From Multi-factor Authentication to employee cyber security training, Network-edge security appliances to centrally managed next generation anti-virus software, we make sure that each step taken has a method of security.
3. What good is a lock on the door if the window is still open?
Controls should be applied consistently across the organization, and Envipco has taken pride in implementing security controls internationally. Using centrally managed cloud-based policies, we verify that all systems stay secure.
4. Train your guards.
Constantly maintaining a security team keeps Envipco in good standing for security controls, but every employee must stand guard to security threats, they are the first line to see any potential issues. Envipco makes sure every employee with access to our systems is trained upon onboarding and annually in cyber security using the industry leading training application, KnowBe4.
5. Stay vigilant!
Security controls should employ modern technology to respond successfully to continuously changing threats. They should be ever evolving with new threat landscapes and should always be ready for the next one.
6. Don’t just say it, PROVE IT!
Having security controls is great, proving it is something else. Envipco takes our proof seriously by maintaining compliance standards through annual 3rd party auditing. We proudly maintain AICPA SOC 2 Type II attestation and GDPR compliance.
Additionally, Envipco contracts with 3rd parties for annual penetration testing just to verify the systems put in place work. This also gives the opportunity to review for any changes that are required to our systems to stay current with the threat landscape.
Copies of test reports and attestations of compliance are available upon request. If you have any questions, please contact our local office.