Trust Matters
We are committed to making your organization and ours as secure as possible
Our values
We value three things central to every product decision we make
Privacy
At Secuna, your data is your data. It is also fully encrypted and definitely is NOT monetized.
Security
We make sure that our operations and efforts are designed with security in mind.
Performance
Addressing ISO standards, we are recognized as a top Cybersecurity Assessment Provider.
Our Privacy Principles
Security is the ultimate sophistication
Your data is fully encrypted
All your data is encrypted in transit and at rest, using only industry-accepted software, standards and best practices for data handling and security.
Your data is kept private
It’s our responsibility to be transparent about the data we collect. Our privacy policy’s overarching tenet is that your data will always be your data.
Your data is not monetized
Our business model is based on providing management services and selling our secure platform, not data; we don't monetize customer data in any way.
Data Protection Officer
Secuna has appointed a Data Protection Officer (DPO) as the cross-functional company advocate for security and data privacy. Our DPO is a licensed lawyer with substantial depth of expertise and experience in compliance-related matters.
Data Privacy Act of 2012
Secuna has an internal, cross-functional team to ensure that it adheres to the Data Privacy Act of 2012 of the National Privacy Commission. We handle all user data securely, making sure we remain compliant with privacy laws and regulations.
Our Commitment to Security
We take security to heart
Our operations are designed with security in mind, from handling critical data contained within vulnerability reports to code deployment, patch management, and best practices in operational security.

Improving Our Own Security
Engineering and Product Team
We have first-class engineers and product designers who also have extensive experience in cybersecurity.
Software Development
We follow the secure SDLC process, from quality assurance, code review, and architecture analysis to penetration testing.
Security Awareness and Training
Our employees attend security awareness training to gain knowledge and help prevent common security mistakes.
Security Program
We actively run our own Bug Bounty Program on our platform to securely receive and act on potential security vulnerabilities.
Employee Vetting
We perform extensive background checks on all employees before hiring. These include employment verification and criminal checks.

Improving Application Security
Security Headers
We implemented strict security headers to effectively prevent and neutralize attacks.
Communications Security
We encrypted all network communications between our server and clients using SSL/TLS with Perfect Forward Secrecy (PFS) and HTTP Strict Transport Security (HSTS).
Password Security and Encryption
We store passwords through Auth0, a secure authentication and authorization service.
Strict Password Requirements
We require all of our users to use a password with a minimum of 12 characters in length, combining numbers, special characters, and lower-case and upper-case letters.
Authentication
We require all users to set up their MFA when signing up. We use Auth0's Multi-Factor Authentication.
Web App Firewall
We leverage Cloudflare to complement the resilience of our infrastructure.
Payment Security
We don't store credit card information on our servers. We use a PCI-DSS certified provider.

Improving Infrastructure Security
Infrastructure
All our infrastructure is hosted on Amazon Web Services (AWS) in SOC 1, 2, and 3 and ISO 27001 certified datacenters.
Database & Backups
Secuna Database & Backups are hosted in Amazon Web Services (AWS) and are maintained in encrypted form only.
Storage Security
We store files submitted on our platform (such as videos, files, and images) in AWS S3, encrypted at rest, and served from a sandboxed domain, protecting against Same-origin Policy attacks.
Our Compliance Standards
We follow industry-standard compliance certifications

ISO 29147
ISO/IEC 29147:2018 provides requirements and recommendations to our customers on the disclosure of vulnerabilities in products and services.

ISO 30111
ISO/IEC 30111:2019 provides requirements and recommendations for how to process and remediate potential reported vulnerabilities in a product or service.

DICT Recognition
The Department of Information and Communications Technology (DICT) recognizes Secuna as one of the Top Cybersecurity Assessment Providers.

PCI
The PCI Security Standards Council helps develop and implement security standards for account data protection. We do not store, process, and/or transmit cardholder data, and instead use CyberSource, a third-party processor certified as a PCI Level 1 service provider. See how CyberSource protects credit card data.
Let's talk
Still Have Questions?
We work continuously to improve our services. If you have any questions or comments, feel free to send us a message at support@secuna.io.