We Build Secure and Available Systems

We Build Secure and Available Systems means that:

• Security scans are performed regularly, and results actioned.
• Dependencies are monitored and vulnerabilities patched.
• Major platforms are kept up to date on supported versions.
• Explicit testing of authentication and authorization policies is carried out.
• Data is automatically backed up and restorable.
• Secure coding standards are actively followed and enforced in code reviews.
• Privacy controls are managed in accordance with a published privacy policy.
• Regular, independent penetration tests are carried out, and vulnerabilities are understood and rectified.