Information

Security

Future in SuperScale s.r.o. is secured

As a modern, forward-looking business, SuperScale s.r.o. recognises at senior level the need to ensure that its business operates smoothly and without interruption for the benefit of its employees, customers, shareholders and other stakeholders.

Senior management recognizes the importance of information security to protect information and business assets and in order to provide such a level of continuous operation, SuperScale s.r.o. has developed an Information Security Management System (ISMS) in line with international standard ISO/IEC 27001 and independent cybersecurity reputation risk management solution provided by CyberGRX.

The operation of this ISMS has many benefits for the business, including:

Protection of revenue streams and company profitability
Ensuring the supply of goods and services to customers
Maintenance and enhancement of shareholder value
Compliance with legal and regulatory requirements
Reducing risks to acceptable level and effective process integration

You can check our ISO 27001 certification here.

Following the ISO 27001 standard and risk management check by CyberGRX, here are the security basics we follow to improve the trust our clients can have in our products but also the security feelings of our employees and suppliers.

To ensure adequate business continuity of our services, we rely on well-tested and well-proven cloud security providers such as Google Cloud Platform or Digital Ocean. In addition to assured resiliency by cloud service providers, we perform server image backups to ensure we will not loose data necessary to provider our services.

All communications channels with our servers and services are encrypted using TLS with configuration best practices, we make sure data in transit are encrypted and up to date secure encryption methods are used.

Data reside in MongoDB databases; documents reside in Google Workspace with adequate backup frequency to ensure we will not loose data necessary to provide our services.

For secure authentication we utilize integration with Google SSO SAML and enforce 2FA authentication where it is technically possible. We never store password and authentication information in clear text. Access to information and files is strictly setup as per our control access principles of role-based access control, principle of least privilege and need to know. Every 3 months we review accesses and permissions to ensure only authorized people have an adequate level of access. Employees use password management system to enforce strong and complex password policy.

All our developers are made aware of best practices and minimum-security requirements in secure development, code we write is double checked and analysed for known vulnerabilities. Various functionality and security tests are run before each new code deployment. Every year we engage external subject matter experts to perform their independent penetration testing of our application.

All our computers and work mobile devices have drives encrypted, and run with up-to-date NextGen Antivirus solution including enhanced functionality such as MDM, HIPS and EDR. Mobile devices are authorized and under our visibility by Google Endpoint management tool.

We engaged external subject matter experts to provide us with SOC services, advanced monitoring including SIEM services, periodic vulnerability scanning of our infrastructure and threat intelligence reporting to ensure security posture is up-to-date in today’s ever-changing world where new vulnerabilities and threats are discovered every week.

Commitment to the delivery of information security extends to senior levels of the organization and is demonstrated through the information security policy and strategy, and the provision of appropriate resources to continuously improve the ISMS program.

We encourage all employees and other stakeholders in our business to ensure that they play their part in delivering our information security objectives. It is responsibility of every employee to follow principles of ISMS policies and security awareness trainings to ensure information and processes are protected in respect of desired level of confidentiality, availability and integrity.

Company established security steering committee board that participate on periodic management review meetings to oversee the execution and effectiveness of ISMS program, asset owners responsible for the protection of the assets under their administration and the information security officer (CISO).

Main goals for next period is to continuously monitor the risks to reduce any identified ones to an acceptable level and to enhance our established and executed ISMS program to new ISO27001:2022 version when it is officially released.

Yours sincerely,

Management board

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	1 month 6 days 9 hours 24 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_PSXVCB6R9N	2 years	This cookie is installed by Google Analytics.
_gat_UA-173282740-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
uuid	never	MediaMath sets this cookie to avoid the same ads from being shown repeatedly and for relevant advertising.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_chtbl	session	No description available.
visitor_id971653	10 years	No description
visitor_id971653-hash	10 years	No description

Security

Contact us

Address

Solutions

Pages

Legal

Follow us