We maintain a comprehensive set of security policies and standards designed to ensure comprehensive protection of information security.
We have adopted the International Standard ISO/IEC 27002:2013 as the basis of our security controls, and developed a comprehensive framework of security policies and standards encompassing all of the control areas identified by the standard.
This is the same standard followed by global banks, brokerages and stock exchanges around the world – the standard used to protect all information shared with your clients.
Security controls limit the disclosure of information to authorized individuals, entities, and systems only.
- All user access to the Street Contxt application is enabled only over TLS encrypted communications with verification of server certificates performed against a trusted third- party Certificate Authority (CA).
- Automated analysis tools are used iteratively within the software development process to eliminate insecure code.
Security controls maintain the accuracy and consistency of information; restrict the right to insert, modify, and delete information to authorized parties only; and ensure that information cannot be modified in an unauthorized or undetected manner.
- All application code is reviewed in detail for potential security vulnerabilities and for compliance with technical standards by senior members of the technology team prior to acceptance into the application.
- A suite of security tests is performed as an integral part of our QA process.
- Software releases are deployed to production servers over strongly encrypted, authenticated, and integrity-checked channels.
Security controls ensure that information remains available to authorized parties, by ensuring that the systems required to deliver the information remain operable and that the information itself remains accessible. Street Contxt is hosted in secure datacenter facilities that are designed and managed in alignment with best practices for security and leading security standards, including:
- SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70 Type II)
- SOC 2
- FISMA, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO/IEC 27001
- FIPS 140-2
Security controls will ensure that exchanged communications and shared documents are genuine.
- The Street Contxt application authenticates messages sent to the application for distribution by verifying DKIM signatures. (This can be disabled at client request if DKIM signing capability is not available in the client organization.)
- Industry alerting services and databases are monitored continuously in order to detect any software vulnerabilities that may be identified in third- party components employed within or supporting the Street Contxt application. Any detected vulnerabilities are remediated in accordance with the documented Incident Management process.
Security controls will ensure that the individuals and systems performing actions or sending communications cannot deny having done so.
- The Street Contxt application signs outgoing message content for distribution by applying a DKIM signature.
- Detailed audit logs are kept with respect to user logons, user activities, messages for distribution, message distributions, and other application activities.
For security issues or questions, email firstname.lastname@example.org.