Security Drives PowerDMARC’s Culture, Value and the Platform
We embed security at every step and in all our processes, starting with our core engineering teams and extending to the executive level, where security is a strategic function responsible for critical, company-wide policies, decisions, and activities.
As your trusted business partner, we not only believe in, but also act on, a policy of transparency, offering responsible and timely communications. Furthermore, we hold others in our ecosystem to the same high security standards, ensuring that working with PowerDMARC means working with a vetted, secure solution and a partner who understands that you expect the maximum return on your security investment.
PowerDMARC commits to compliance as a way of transparently communicating our security posture to our customers. PowerDMARC complies with the following standard regulations:
- ISO 27001
- California Consumer Privacy Act
At PowerDMARC we recognize that our employees are the cornerstone of our security posture, and security controls are the most effective when they are supported by a robust security culture. As such, we engage our employees (and contractors) in a culture of security for the entire employee lifecycle, from the time they apply and throughout their time at PowerDMARC. This culture includes:
- Background Checks
- Information Security Awareness
- Device Security Management
PowerDMARC’s Secure Systems Development Life Cycle (SSDLC) ensures that security is incorporated from the inception of a new project and continued throughout the entire life of the system. The security of services and applications is important to maintain the reliability and integrity of data under the stewardship of PowerDMARC. This has become increasingly important in recent years as applications grow more complex, and the cost of remediating a vulnerability after release is often higher than if it had been detected during the early stages of development. We write secure-by-design software, embedding product security engineers to work with engineering from ideation through release.
The scope of the SSDLC includes all systems development and integration projects used for and in support of the PowerDMARC service. Moreover, the process is applied to all project efforts associated with the development, implementation and maintenance of new and existing systems.
Vulnerability Management & Penetration Testing
We run automated vulnerability scanning on a monthly basis for our servers and instances. We also run 3rd party independent penetration tests at least every 12 months.
All New Features
We perform end-to-end third-party penetration tests.
Privacy & Personal Data
GDPR Data Processing https://powerdmarc.com/data-processing-agreement/
Principles of least privilege are applied to both employees and system components.
Data and Media Disposal
On a customer’s request or otherwise following termination of the subscription services, if and to the extent a customer cannot delete customer data stored on PowerDMARC’s systems using the then-existing features and functionality of the PowerDMARC Platform, PowerDMARC will destroy the customer data in PowerDMARC’s custody or control.
PowerDMARC services have built-in rate limiting and automated blocking features to mitigate advanced denial-of-service or authentication attacks. PowerDMARC infrastructure is protected against volumetric attacks by Cloudflare as well.
Web Application Firewall
PowerDMARC services are protected by Fortinet FortiWeb Web Application Firewall services.
PowerDMARC processes all payments through Stripe.com and does not store any card information on its platforms or systems.