We are committed to making your organization and ours as secure as possible
We value three things central to every product decision we make
At Secuna, your data is your data. It is also fully encrypted and definitely is NOT monetized.
We make sure that our operations and efforts are designed with security in mind.
Addressing ISO standards, we are recognized as a top Cybersecurity Assessment Provider.
Our Privacy Principles
Security is the ultimate sophistication
Your data is fully encrypted
All your data is encrypted in transit and at rest, using only industry-accepted software, standards and best practices for data handling and security.
Your data is kept private
Your data is not monetized
Our business model is based on providing management services and selling our secure platform, not data; we don't monetize customer data in any way.
Data Protection Officer
Secuna has appointed a Data Protection Officer (DPO) as the cross-functional company advocate for security and data privacy. Our DPO is a licensed lawyer with substantial depth of expertise and experience in compliance-related matters.
Data Privacy Act of 2012
Secuna has an internal, cross-functional team to ensure that it adheres to the Data Privacy Act of 2012 of the National Privacy Commission. We handle all user data securely, making sure we remain compliant with privacy laws and regulations.
Our Commitment to Security
We take security to heart
Our operations are designed with security in mind, from handling critical data contained within vulnerability reports to code deployment, patch management, and best practices in operational security.
Improving Our Own Security
Engineering and Product Team
We have first-class engineers and product designers who also have extensive experience in cybersecurity.
We follow the secure SDLC process from quality assurance, code review, architecture analysis, to penetration testing.
Security Awareness and Training
Our employees attend Security and Awareness training to gain knowledge and help prevent common security mistakes.
We actively run our own Bug Bounty Program on our platform to securely receive and act on potential security vulnerabilities.
We perform extensive background checks on all employees before hiring. These include employment verification and criminal checks.
Improving Application Security
We implemented strict security headers to effectively prevent and neutralize attacks.
Password Security and Encryption
We store passwords through Auth0, a secure authentication and authorization service.
Strict Password Requirements
We require all of our users to use a password with a minimum length of 12 characters and a combination of numbers, special characters, lowercase letters and uppercase letters.
We require all users to set up their MFA when signing up. We use Auth0's Multi-Factor Authentication.
Web App Firewall
We leverage Cloudflare to complement the resilience of our infrastructure.
We don't store credit card information on our servers. We use a PCI-DSS certified provider.
Improving Infrastructure Security
Database & Backups
Secuna Database & Backups are hosted in Amazon Web Services (AWS) and are maintained in encrypted form only.
We store files submitted on our platform (such as videos, files, and images) in AWS S3, encrypted at rest, and served from a sandboxed domain, protecting against Same-origin Policy attacks.
Our Compliance Standards
We follow industry-standard compliance certifications
ISO/IEC 29147:2018 provides requirements and recommendations to our customers on the disclosure of vulnerabilities in products and services.
ISO/IEC 30111:2019 provides requirements and recommendations for how to process and remediate potential reported vulnerabilities in a product or service.
The Department of Information and Communications Technology (DICT) recognizes Secuna as one of the Top Cybersecurity Assessment Providers.
The PCI Security Standards Council helps develop and implement security standards for account data protection. We do not store, process, and/or transmit cardholder data, and instead use CyberSource, a third-party processor certified as a PCI Level 1 service provider. See how CyberSource protects credit card data.