We have always taken the topics of security and privacy at Exponea very seriously. It is our highest priority to protect the data we work with, including our clients’ data. We strive to always use the highest measures so that we stay secure and compliant. Security shapes our structure, educational objectives, and the recruiting process.
This whitepaper outlines Exponea’s perspective on security and compliance. It focuses on security controls and elaborates on processes and details of how Exponea protects our clients’ data.
We are trying to create a strong security culture amongst all employees of Exponea. We strongly believe that every employee is an essential part of our defense against potential security breaches.
This culture has a strong impact on all employees and is present at every stage, from the hiring process and employee on-boarding to the ongoing training that Exponea provides and company events held to raise awareness. Before an employee joins Exponea, we perform a background check. All our employees must be familiar with our security policies, go through security training as part of the on-boarding process, and receive regular security training throughout their time at Exponea. During on-boarding, new employees sign our NDA and complete OWASP training. This shows our commitment to keeping the data of our customers secure.
All employees working at Exponea must follow our password security and lockout policy, must use two-factor authentication (2FA), and must use a secure Wi-Fi connection or, alternatively, be connected to our VPN when working remotely. Additionally, all of Exponea’s employees use Okta, a Single Sign-On service that enables them to securely access their accounts and applications.
The developers in the IT segment receive instructions on topics such as secure coding and development practices and the principle of least privilege when granting access rights. The IT department also attends technical presentations on security-related topics and receives regular updates on the newest issues from the cybersecurity space in our Security channel.
Exponea has valid certifications to show how seriously we take the topics of security and compliance.
You can find our certificates on our website.
Exponea holds a SOC 2 report which goes into depth about the technical security measures in our application's infrastructure and the organisational security measures in the company. You can access the report with an NDA in place.
Exponea has a dedicated security team, consisting of security engineers and a security manager, that is an essential part of our IT organisation. This team is responsible for maintaining Exponea’s protection and defense systems, reviewing security operational processes, building security frameworks and creating new security policies. They also monitor for suspicious activity, address cybersecurity threats and perform regular health checks and audits. Our independent Data Protection Officer (DPO) makes sure that Exponea stays compliant. The DPO is tasked with monitoring compliance with the GDPR and other data protection laws, overseeing our data protection policies, running GDPR awareness training, and conducting audits.
Exponea has several security features and has been built with security in mind. You can read more about these features in our Security controls article.
The Exponea application also supports our customers in finding the best ways to be compliant with GDPR, and both our product and our employees are continuously reviewed for our own compliance.