您的数据对我们很重要。安全和隐私标准已融入我们整个组织的日常流程。
访问我们的信任档案,详细了解我们的安全态势、合规性以及为保护我们的系统和客户数据而正在进行的计划
我们的服务托管在亚马逊网络服务基础设施上,我们使用 MongoDB Atlas 进行存储。我们利用他们在美国和欧盟的世界一流数据中心来保护信息并满足核心安全与合规性要求。有关其安全措施的更多信息,请访问: AWS 安全& MongoDB 安全
作为我们初始入职流程的一部分,所有员工都将持续接受有关其各自信息安全/隐私义务的培训(至少每年一次)。此外。我们的工程师在上面进行安全代码培训 OWASP 前 10 名
我们会持续监控恶意活动,并定期扫描我们的基础架构、应用程序和第三方库中是否存在已知漏洞。我们的所有产品在部署之前都要经过一系列同行评审和安全评估,包括第三方库扫描、静态代码分析和静态容器分析。除了我们的内部测试和扫描程序外,我们还定期聘请专业第三方进行渗透测试。
我们支持单点登录 (SSO),因此您可以实施自己的身份验证系统来控制对我们平台的访问权限。在 Secure Code Warrior 中,我们实施最低权限原则,对生产数据的访问受安全组的限制,仅限于严格需要支持的人员。我们还使用多因素身份验证 (MFA) 和临时凭证来严格控制对生产系统的访问
您的个人数据对我们很重要,我们致力于通过严格遵守国际法规和行业最佳实践来保护您的个人数据。
AICPA SOC 2 Type 2
We know that you entrust Secure Code Warrior with confidential information from your use of our product offerings. To this end, we take the protection and confidentiality of your data extremely seriously. We continuously pursue the highest technical standards, organizational measures, and industry-recognized best practices so that all of our customers have trust and confidence in Secure Code Warrior.
To show our commitment, Secure Code Warrior has successfully attained its SOC 2 Type II report demonstrating that we have the appropriate controls in place to mitigate risks related to security, availability, and confidentiality. A SOC 2 report is designed to meet the needs of customers who require assurance about the effectiveness of controls of a SaaS vendor like Secure Code Warrior. The report is the outcome of an audit performed by an independent third-party firm certified by the American Institute of CPAs (AICPA).
These audits are an industry-wide standard to assess the data security and privacy of software vendors. Our Type II audit is the most robust type and set out to prove that we had controls in place for a sustained period of time, exhibiting reliable and consistent safeguards in place to protect our customers’ data. If you are interested in our SOC 2 report, reach out to your account manager or email our support team - support@securecodewarrior.com.
ISO 27001:2013 / ISO 27701:2019
In addition to our SOC 2 Type II report, Secure Code Warrior is also certified against the ISO 27001 and ISO 27701 standards to further enhance our security and privacy posture.
Click the links below to view and validate our ISO certifications.
The following resources are provided in Secure Code Warrior's Security pack.
If you require the following resources, kindly reach out to your account manager or email our support team - support@securecodewarrior.com
- Cloud Security Alliance CAIQ
Read our Security and Privacy Whitepaper to learn more about how we leverage policies, procedures and AWS’ world-class security features to protect our information assets.
If you are a security researcher or user of the Secure Code Warrior Learning Platform, and have discovered a potential security vulnerability we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.
您的个人数据对我们很重要,我们致力于通过严格遵守国际法规和行业最佳实践来保护您的个人数据。
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you.
For more information about how and why we process personal data, please refer to our privacy policy. This applies to anyone that visits our website, uses our platform or otherwise engages with us or our services.
We use essential cookies to help make sure our website and platform are functioning properly, and to deliver the secure and sleek service you expect from us. For more information about how and why we use cookies (including non-essential cookies), please refer to our cookie policy.
We recognize the importance of safeguarding the personal information we handle and are committed to meeting, and helping our customers meet, the relevant data protection regulations that apply worldwide. We do so by aligning ourselves with the EU GDPR’s requirements and industry best practice.
Click the link below for more information.
Our data protection addendum is tailored to our service and designed to meet the international contractual needs of our customers.
It incorporates EU and UK GDPR requirements (including Standard Contractual Clauses for international transfers) and additional provisions for the CCPA.
We work with a carefully vetted selection of third parties who process personal data on our behalf to help deliver our services.
Click the link below for a list of our current sub-processors.
We conduct Transfer Impact Assessments when transferring personal data outside of the EEA/UK and ensure appropriate safeguard are in place before doing so.
For more information, please read our page on international transfers.
我们的专业法律团队通过就日益复杂、全球化和不断变化的监管环境提供战略建议,帮助我们的业务满足客户的需求。
Click the links below to access our terms of use for the Secure Code Warrior website and APIs.
Click the links below to access our subscription and service level agreements for customers.
SCW SaaS Agreement - Customers
Click the links below to access our subscription and service level agreements for partners.
Click the below links to access other legal documents that may be appropriate to your relationship with Secure Code Warrior.
Secure Code Warrior Sensei License T&Cs
Entry into SCW Devlympics T&Cs