trust center

Data Security and Privacy

Trust is the foundation of any successful partnership, which is why Secure Code Warrior provides every customer with a reliable and secure platform for our products and services. We believe transparency is key to building trust. The Secure Code Warrior Trust Centre provides an overview of how we collect your data, protect your data, ensure compliance, and adhere to industry standard best practices and all applicable laws and regulations

Our approach to Security and Privacy

Secure Code Warrior is committed to safeguarding our information assets, and those of our customers, against misuse, abuse or compromise. Your data is important to us. Security and privacy standards are baked into our everyday processes throughout our organisation.

dark red button
Learn more

How we secure our products

Our products are operated and hosted in AWS, utilizing their world-class security features and benefits. Secure Code Warrior has established a Product Security Framework that ensures our products protect your people and data.

Secure cloud

We host our services and data in AWS, leveraging AWS’ world-class data-centers and their security benefits, certifications, and US and EU locations.

secure practices

We utilize AWS’ well-architected framework to ensure the best possible security practices are implemented and followed.

INCIDENT RESPONSE

We have threat detection enabled and actively respond to alerts and security incidents according to a predefined plan and process.

Encryption

TLS 1.2 (or higher) is enforced for all communications to and from any endpoint, such as APIs or web servers. We leverage industry standard AES-256 encryption for data at rest.

vulnerability management

Our infrastructure and applications are continuously scanned for known vulnerabilities, which when identified are then managed according to our vulnerability remediation process.

Secure code training

Our software engineers are trained to understand and prevent the most common and severe vulnerabilities impacting software.

third party libraries

We continuously scan 3rd-party libraries for known vulnerabilities and work to resolve them according to our vulnerability remediation process.

PENETRATION TESTING

We regularly engage expert third-parties to perform penetration tests in addition to our internal testing and scanning programs.

SECURE SDLC

Changes to our products go through a series of security tests and assessments prior to being deployed, including SAST, DAST, and container vulnerability scanning.

CODE REVIEW & TESTING

Code is quality assured by peer review and using a test-based approach where our engineers include security test cases.

Single Sign-On

The Secure Code Warrior Learning Platform supports SSO, enabling organisations to extend their own authentication controls for staff accessing the Platform.

Role-based access control

Data access within Secure Code Warrior is governed by role-based access control (RBAC), with a limited number of roles.

SECURE ACCESS to production data

All access to production systems is strictly controlled with MFA being enforced. Access to production databases is further secured with ephemeral credentials.

Compliance, Certifications and Assessments

Secure Code Warrior meets industry best practices and standards to achieve compliance with industry-accepted general security and privacy frameworks, inspiring confidence and trust and helping our customers meet their compliance standards.

Security and Privacy Resources

Report a Security Vulnerability

If you are a security researcher or user of the Secure Code Warrior Learning Platform, and have discovered a potential security vulnerability we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.

dark red button
Responsible Disclosure Policy

Looking for something more specific?

Additional privacy and security documents are available upon request, but may require a mutual non-disclosure agreement to be completed. Please complete the form below and we'll be in contact with you to explore your request.

*Indicates mandatory fields.

We do ask a few questions so that we can better understand things, but know that your personal details are cared for like we would care for our own. Read our Privacy Policy for more info.

dark red button
Submit
Thank you! Your request has been received!
Oops! Something went wrong while submitting the form.