Information

Security

Future in SuperScale s.r.o. is secured

As a modern, forward-looking business, SuperScale s.r.o. recognises at senior level the need to ensure that its business operates smoothly and without interruption for the benefit of its employees, customers, shareholders and other stakeholders.

Senior management recognizes the importance of information security to protect information and business assets and in order to provide such a level of continuous operation, SuperScale s.r.o. has developed an Information Security Management System (ISMS) in line with international standard ISO/IEC 27001 and independent cybersecurity reputation risk management solution provided by CyberGRX.

The operation of this ISMS has many benefits for the business, including:

Protection of revenue streams and company profitability
Ensuring the supply of goods and services to customers
Maintenance and enhancement of shareholder value
Compliance with legal and regulatory requirements
Reducing risks to acceptable level and effective process integration

Following the ISO 27001 standard and risk management check by CyberGRX, here are the security basics we follow to improve the trust our clients can have in our products but also the security feelings of our employees and suppliers.

To ensure adequate business continuity of our services, we rely on well-tested and well-proven cloud security providers such as Google Cloud Platform or Digital Ocean. In addition to assured resiliency by cloud service providers, we perform server image backups to ensure we will not loose data necessary to provider our services.

All communications channels with our servers and services are encrypted using TLS with configuration best practices, we make sure data in transit are encrypted and up to date secure encryption methods are used.

Data reside in MongoDB databases; documents reside in Google Workspace with adequate backup frequency to ensure we will not loose data necessary to provide our services.

For secure authentication we utilize integration with Google SSO SAML and enforce 2FA authentication where it is technically possible. We never store password and authentication information in clear text. Access to information and files is strictly setup as per our control access principles of role-based access control, principle of least privilege and need to know. Every 3 months we review accesses and permissions to ensure only authorized people have an adequate level of access. Employees use password management system to enforce strong and complex password policy.

All our developers are made aware of best practices and minimum-security requirements in secure development, code we write is double checked and analysed for known vulnerabilities. Various functionality and security tests are run before each new code deployment. Every year we engage external subject matter experts to perform their independent penetration testing of our application.

All our computers and work mobile devices have drives encrypted, and run with up-to-date NextGen Antivirus solution including enhanced functionality such as MDM, HIPS and EDR. Mobile devices are authorized and under our visibility by Google Endpoint management tool.

We engaged external subject matter experts to provide us with SOC services, advanced monitoring including SIEM services, periodic vulnerability scanning of our infrastructure and threat intelligence reporting to ensure security posture is up-to-date in today’s ever-changing world where new vulnerabilities and threats are discovered every week.

Commitment to the delivery of information security extends to senior levels of the organization and is demonstrated through the information security policy and strategy, and the provision of appropriate resources to continuously improve the ISMS program.

We encourage all employees and other stakeholders in our business to ensure that they play their part in delivering our information security objectives. It is responsibility of every employee to follow principles of ISMS policies and security awareness trainings to ensure information and processes are protected in respect of desired level of confidentiality, availability and integrity.

Company established security steering committee board that participate on periodic management review meetings to oversee the execution and effectiveness of ISMS program, asset owners responsible for the protection of the assets under their administration and the information security officer (CISO).

Main goals for next period is to continuously monitor the risks to reduce any identified ones to an acceptable level and to enhance our established and executed ISMS program to new ISO27001:2022 version when it is officially released.

Yours sincerely,

Management board

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_PSXVCB6R9N	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_173282740_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.

Cookie	Duration	Description
_hjSession_2874212	30 minutes	No description
_hjSessionUser_2874212	1 year	No description
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
lpv971653	30 minutes	No description
visitor_id971653	10 years	No description
visitor_id971653-hash	10 years	No description

Security

Contact us

Address

Pages

Legal

Follow us