Secure Code Warrior is committed to safeguarding our information assets, and those of our customers, against misuse, abuse or compromise. Your data is important to us. Security and privacy standards are baked into our everyday processes throughout our organization. Learn how we secure the platform and your data.
Our products are operated and hosted in AWS, utilizing their world-class security features and benefits. Secure Code Warrior has established a Product Security Framework that ensures our products protect your people and data.
We host our services and data in AWS, leveraging AWS’ world-class data-centers and their security benefits, certifications, and US and EU locations.
We utilize AWS’ well-architected framework to ensure the best possible security practices are implemented and followed.
We have threat detection enabled and actively respond to alerts and security incidents according to a predefined plan and process.
TLS 1.2 (or higher) is enforced for all communications to and from any endpoint, such as APIs or web servers. We leverage industry standard AES-256 encryption for data at rest.
Our infrastructure and applications are continuously scanned for known vulnerabilities, which when identified are then managed according to our vulnerability remediation process.
Our software engineers are trained to understand and prevent the most common and severe vulnerabilities impacting software.
We continuously scan 3rd-party libraries for known vulnerabilities and work to resolve them according to our vulnerability remediation process.
We regularly engage expert third-parties to perform penetration tests in addition to our internal testing and scanning programs.
Changes to our products go through a series of security tests and assessments prior to being deployed, including SAST, DAST, and container vulnerability scanning.
Code is quality assured by peer review and using a test-based approach where our engineers include security test cases.
The Secure Code Warrior Learning Platform supports SSO, enabling organisations to extend their own authentication controls for staff accessing the Platform.
Data access within Secure Code Warrior is governed by role-based access control (RBAC), with a limited number of roles.
All access to production systems is strictly controlled with MFA being enforced. Access to production databases is further secured with ephemeral credentials.
Our products are operated and hosted in AWS, utilizing their world-class security features and benefits. Secure Code Warrior has established a Product Security Framework that ensures our products protect your people and data.
Below you will find a list of resources you can view to validate our security and privacy standards. Please note that some resources require an NDA. If you require these resources, kindly reach out to your account manager or e-mail our support team through the form below.
ISO 27001:2013 Secure Code Warrior is ISO 27001:2013 certified. View our certificate.
ISO 27701:2019 Secure Code Warrior is ISO 27701:2019 certified. View our certificate.
The Information Security and Privacy Management Policy. Download policy.
CAIQ Questionnaire. Download questionnaire.
SCW Pentest Summary Report (available under NDA only).
Shared Assessment SIG Lite Questionnaire (available under NDA only).
SCW Cyber Insurance Certificate (available under NDA only).
FSQS-NL Certificate (available under NDA only).
Platform Architecture Diagram (available under NDA only).
If you are a security researcher or user of the Secure Code Warrior Learning Platform, and have discovered a potential security vulnerability we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.
Our legal center is the one stop shop for our terms of use, privacy policy and global privacy information.
Additional privacy and security documents are available upon request, but may require a mutual non-disclosure agreement to be completed. Please complete the form below and we'll be in contact with you to explore your request.
