Security Policy

We make it a priority to take our users’ security and privacy concerns very seriously.

  • Home
  • Security Policy

Thousands of clients have entrusted Codium with their applications and data, and we make it a priority to take our users’ security and privacy concerns very seriously. We strive to ensure that client applications and data are kept securely, and that we collect and retain only as much data as is required to provide our services in an efficient and effective manner.

We employ some of the most advanced technology for Internet security that is commercially available and we’re committed to being transparent about our security infrastructure and practices to continue to earn the trust of our clients.

Security assurance measures at Codium occur through an integrated set of processes and activities rather than individual parts of the organisation and can occur directly through us or through our strategic partners.

Our goal is to consistently provide the highest level of protection and reliability of client applications and information . Our measure of success in this regard is our performance in security audits, the trust of our customers and, ultimately, the repeat business and referral of satisfied clients.

Codium leaders at all levels are responsible for defining metrics and improvement targets, modelling appropriate behaviours and driving actions to achieve our security goals.

All of our staff and strategic partners are expected to adhere to our security assurance practices and to contribute to continuous improvement in security assurance practices.

Our Security Policy and Management System is integrated and implemented through the active involvement of the entire organisation in complying with ISO9001 standard requirements in respect of the provision of software development and support services.

Security Assurance Practices

Wherever possible and of meaning, Codium will ensure the below practices and outputs as minimum security assurance requirements:

Hosting

The internet is accessible to everyone, including disreputable people with obscure motives. This usually means that whenever there is a possibility of exploiting your system, it will be attempted. As a result, choice of hosting environment is critical. We only deploy to hosting environment with Secure File Transfer Protocols (SFTP) to ensure uploaded/downloaded data can’t be intercepted and modified, and with Secure Socket Layer (SSL) to provide an encrypted path between the browser and web server to prevent information from being stolen.

While a range of hosting services exist at different price points, we only host on platforms that have been tested and complied with our security, scalability, support timeliness and low vulnerability to attack criteria.

Design

Codium believes security begins with design. That is, the potential harm that could arise from loss, inaccuracy, alteration, unavailability, misuse and unauthorised access is identified upfront and incorporated in the design so the application operates at a level of security that best mitigates potential harm.

Our security design in particular addresses access control, audit trails and usage records for physical and network access, data management, integrations and the client’s IT and non IT environment.

General IT Security Practices

In addition to the above software development specific practices, we adhere to generally accepted IT security practices with regard to user Authentication, Data Encryption, Data Portability, Privacy, Physical Security, Availability, Network Security, Storage Security, Organisational & Administrative Security.

Backups

We perform daily or hourly backups depending on the client to minimise loss in case of a problem or disaster.

Managing Quality

All projects shall have planning and performance of the software quality management activities required to ensure that the customer’s stated and implied needs are met and that the software product is developed in compliance with recognised best practice.

Server Maintenance

We undertake server maintenance with built in automatic alerts to keep on top of upgrades and patches and limit attacks.

Monitoring

We perform automated monitoring to detect any application or server changes or security breaches and alert our security team of issues via our team communication platform, email and sms so we can act on these in real time.

Coding Practices

Our engineers use best practices and industry standard secure coding guidelines to ensure secure coding.

Have any questions? Get in touch today with one of our digital strategists.