The architecture of the SnapComms solution has been designed to ensure compliance with strict security requirements, whilst the SnapComms SaaS platform is designed and managed to minimize the risk of security vulnerabilities and threats. SnapComms uses Microsoft Azure as its IaaS and PaaS provider and adopts a proactive approach to ensure the security of the SnapComms SaaS platform. Microsoft Azure is compliant with the most important and popular security regulations including GDPR, ISO27001, and ISO27018. More details about compliance of Microsoft Azure are available on its compliance website.
All connections between the SnapComms endpoint apps and the SnapComms cloud server are established over HTTPS/TLS. This ensures that all data in transit is secured according to industry standards. Data at rest stored in the database is encrypted using Microsoft Azure's transparent data encryption (TDE) mechanisms.
SnapComms manages the security of the application closely by following the software vulnerabilities published by OWASP (www.owasp.org). SnapComms proactively ensures these stated vulnerabilities are sufficiently mitigated by adherence to strict development practices and regular vulnerability assessments.
REGULAR VULNERABILITY SCANS AND PENETRATION TESTS
SnapComms conducts weekly application vulnerability scans and daily network vulnerability scans using third-party services. In addition to the vulnerability scans, SnapComms also conducts regular third-party penetration tests. The findings are treated in accordance with SnapComms Risk Management, Change Management and Patch Management processes regulated within the ISO-certified ISMS.
INDUSTRY BEST PRACTICES AND SECURITY AWARENESS
SnapComms ensures its developers, technical support staff and network management teams are well versed in current industry best practice for the development and management of the SnapComms solution. This includes awareness and understanding of the latest software and internet-based security vulnerabilities, which are reviewed and assessed on a regular basis.
An ISO-certified Information Security Management System (ISMS) is established, under which a Data Protection Officer and an Information Security Committee are appointed to oversee and implement security protocols. SnapComms also conducts regular internal and external security audits.
STANDARDS AND COMPLIANCE
SnapComms is constantly improving its security architecture by accommodating compliance requirements originating from different markets and regulatory bodies. See the current snapshot of the SnapComms compliance, certifications and policies here.