Cyber Security & Digital Resilience

Siphter takes cyber security and digital resilience seriously. We understand our users always expect our services to be available and their data to be kept secure. We work hard to manage security risks and stay ahead of possible threats by maintaining focus on the following areas.

1. Secure code development

Our code is developed with OWASP Top 10 in mind and reviewed with automatic tools. We are committed to best practices for secure software development.

2. Data encryption

We use HTTPS by default, to protect information that our users transmit throughout the platform, in accordance with industry standards. Our internal policies require encryption of laptops to protect our data in case of loss or theft.

3. Availability and digital resilience

We have a high-availability solution that protects our infrastructure against Distributed Denial of Service (DDoS) attacks. Additionally, our services use a Web Application Firewall (WAF) that protects the platform from malicious activities that could compromise our data.

4. Audits and penetration testing

We use recognised accredited third parties to perform information security audits. We perform regular penetration tests of our platform and internal networks across our offices. We also have an internal vulnerability management process with automatic scanning capabilities.

5. Third party security

Like many businesses, we use certain third parties to support the services we provide to our users. We ensure that third parties are properly assessed in line with our security, outsourcing and data residency policies and procedures, and reviewed on a regular basis.

6. Incident and vulnerability reporting

We strive to implement high standard of cyber security and digital resilience, but incidents or vulnerabilities may occur. If you would like to report or provide feedback on any issue please contact our Information Security Director on mailto:hello@siphter.com. We treat any such report or feedback as high priority and will address them as soon as possible.

7. Industry collaboration

We work closely with other peers and organisations that meet industry standards, to improve our cyber security and digital resilience. We often take part in security forums, conferences and private discussion groups to stay ahead of threats to our business.

8. Human resources security

Siphter employees receive security awareness training on an ongoing basis, and are required to adhere to our information security procedures. Any incidents of non-compliance are dealt with by our Information Security Director, who has full access to the Siphter Board.