Marcato Security Guide
- We do not sell personal information of our customers to third parties.
- We have a full time staff focused on privacy and security issues.
- Marcato processes user personal data in accordance with GDPR’s data protection principles and has appointed a Data Protection Officer to oversee our GDPR compliance.
- Marcato is hosted by AWS (Amazon Web Services). Their facilities are certified to meet both SOC 1 Type II and SOC 2 Type II, along with ISO 27001 standards.
- All Marcato software engineers receive software security training that covers security best practices, including the OWASP Top Ten.
- Marcato uses static code analysis tools to analyze code for security vulnerabilities.
- All Marcato source code is developed in accordance with a standard SDLC process that includes:
  * A software and security code review before being shipped to production.
  * Running through a continuous integration test suite.
  * Manual QA testing.
- All web traffic is encrypted with TLS 1.2 or higher.
- Marcato follows NIST recommendations for hashing and for symmetric and asymmetric encryption.
- All staff regularly receive security training from trained professionals and must pass security quizzes testing their security awareness.
- All staff regularly receive simulated phishing tests.
- All staff must sign off on security and acceptable use policies and procedures.
- All staff are subject to detailed background checks.
- If you discover a vulnerability, Marcato requests that you responsibly disclose it to our security team by taking the following steps:
  * Do not attempt to exploit the vulnerability.
  * Email our Security Incident Response Team at firstname.lastname@example.org
  * If the contents of the vulnerability are sensitive in nature, please use our PGP key, below:
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----