WeCP Security

At WeCP, security and data protection remain a top priority throughout the product cycle. WeCP has incorporated industry best practices in security at all stages of our business architecture, product development and deployment.

Security:

Physical And Environmental

Data Center:

The WeCP technical hiring platform is hosted on AWS, a leading cloud provider that is SOC2 Type II, ISO 27001:2013 and PCI DSS 3.2.1 (applicable controls) certified.

Workspace Security:

  1. Access to sensitive areas/Data center cages is restricted to authorised individuals and requires Multi-Factor Authentication.
  2. A minimum of N+1 redundancy for all critical components.
  3. Intrusion alarms along with round-the-clock monitoring of the data center.
  4. Surveillance cameras placed at strategic locations including Entry/Exit of Data centers and key areas.

Logical Infrastructure Security And Operational Controls

  1. WeCP employs a Defense in Depth strategy at both the infrastructure and application levels.
  2. WAFs, firewalls and intrusion detection systems are deployed to strengthen perimeter security.
  3. Host-based IDS and firewalls further augment the perimeter controls.
  4. WeCP production and development infrastructure are both logically and physically segregated.
  5. All changes to production and UAT (including release pushes) are carried out only after explicit approval from the DevOps and Security teams.
  6. Access to the production management plane:
  • is centrally managed and is restricted to the DevOps team only
  • is restricted and whitelisted to specific IP addresses
  • requires multi-factor authentication and secure tunnelling
  • All connections to servers are through a Bastion Host/Jump Box
  • Periodic user reviews and certifications validate that only approved personnel have access
  7. Malware protection to detect the latest threat signatures and perform real-time scanning and security.

Application Security:

  1. Every release goes through elaborate security reviews and tests against OWASP standards and other industry best practices:
  • Automated code review
  • Manual peer review
  • Image certification/validation
  • Whitebox security testing by the Blue team
  • Post-release/deployment infrastructure and application assessment
  2. Every developer undergoes mandatory Security in Coding training annually.

Encryption:

  1. FIPS 140-2 compliant TLS 1.2 encryption (with strong ciphers) for data in transit.
  2. AES 256-bit encryption with 1,024-bit key strength for data at rest.
  3. Access to the encryption keys is limited to authorised individuals.
  4. Keys are rotated periodically and upon exit of individuals who had knowledge of the keys.

Logging And Monitoring:

  1. WeCP log management systems ensure that all critical events generated by systems, firewalls, IDS and WAF are logged and monitored round the clock.
  2. SOC Runbooks are updated periodically to ensure that remedial actions and escalations are carried out at the earliest and in parallel.
  3. Incident response plans and processes are tested periodically to validate their effectiveness and adequacy.

HIPAA Via Business Associate Agreement (BAA)

WeCP executes BAAs with HIPAA-covered entities to certify PHI protections.

For information on how WeCP complies with GDPR and CCPA, please visit our privacy policy.
