Secure by design
We support our activity in robust data security and privacy practices and we incorporate these principles in the design, implementation and management of our products and services.
We know that we are custodians of very sensitive data owned by our customers, and that is why we ensure a robust security model supported by constantly updating data protection architectures and highly resilient service platforms.
We are ISO 27001 certified since July 2019 covering the activities of composition, production, personalization, multi-channel distribution and digital document archiving.
The allocation of access is carried out according to roles and responsibilities and profiles are managed in an auditable manner with traceability.
Secure email sending
Emails are sent with a TLS certificate and using DMARC, SPF and DKIM protocols.
Own data center
Our digital custody solution guarantees file immutability through the WORM (Write Once Read Many) system and supported on DELL ECS (Elastic Cloud Storage) equipment.
Rules that define communication and data transaction permissions between systems are applied.
AES 252 bit encryption is ensured for data at rest and HTTPS with TLS 1.2 encryption for data in transit.
Access to the secure backoffice is only available to authorized connections for management purposes.
Malware protection is applied based on the latest identified threat listings that support real-time scanning.
The personal data stored in our databases are encrypted, thus allowing their anonymization.
Resilient service platforms
All components are installed in ‘n + 1’ mode in Lisbon and Aveiro, configured in “active – active” mode and supported by a load balancing service that allows business continuity.
Internet access redundancy
We have an internet service agreement with two telecommunications operators.
Automatic traffic distribution that supports high availability, scalability and robust security is ensured.
Data is synchronized in datacentres located in different geographies.
Proactive monitoring is done based on conservative limits and there is scope for expansion.
The product roadmap is defined and periodically reviewed. Security fixes are prioritized and grouped into the sprint as quickly as possible.
Source code is centrally managed with version control and restricted access based on teams assigned to specific sprints. Logs are maintained for code changes and code check-ins and check-outs.
All changes are tested by the QA team and criteria are set for performing code reviews. Builds undergo functionality testing, performance testing, and stability testing before being certified as “ready to use”.
Segregation of duties
Production access is restricted to a very limited set of users based on their roles. Access to the production environment for developers and QA team members is restricted based on their job responsibilities.
Physical infrastructure supported in a CF60 safe room.
High physical security room with steel walls and MSITR panel.
CF60 fire insulating panels.
High mechanical strength and physical safety.
Rescued electrical panels, with double busbar – 2N, with inter-busbar system.
General electrical panel of datacentre.
2 2N uninterruptible power supply units (20KVA).
Climatization – 2N – with 46 KW of total cooling power, in two units of 23KW each.
Fire detection and extinguishing system.
Dedicated generator set.