Before deployment, new developments are qualified, reviewed and automatically tested through our code quality pipeline which validates that the version conforms with our standards in terms of functionality, code coverage, performance and security.
Strong password policy is in place. Single Sign-On is available. The supported protocol is SAML 2.0.
We support two types of authentication: - Standard authentication (8 characters minimum length, complexity options and CAPTCHA), - SAML SSO v2.0 (complexity rules are imposed by the customer's IDP).
Contentsquare leverages a web-application firewall to detect and block application-level attacks, vulnerability and for incident response automation.
To protect against that we have the following layers of controls:
- SDLC process with peer-review, static code analysis and dynamic analysis of every change, this process is audited by external party is it is in the scope of our ISO 27001 certification
- External penetration tests of our tag (report can be provided on demand)
- Compatible CSP
Security Organization & Governance
Contentsquare has an established function responsible for security and data compliance across the organization. Contentsquare security governance and ISMS closely follows ISO 27001 standard:
– Annual risk analysis
– Key Performance Indicators are issued quarterly to ensure that the ISMS is running efficiently
– Dedicated security policies and procedures that cover all of the 133 controls of the ISO 27001 (reviewed annually)
At Contentsquare, security starts with its people. Contentsquare invests in properly vetting and training staff to ensure that there is an organization-wide appreciation for security. Before hire, limited background checks (identity, education) are performed.
Confidentiality agreements signature and security training completion are deployed and required upon employees’ onboarding.
Corporate IT Security
Contentsquare commits to the highest standards of security. As such, IT corporate resources require an appropriate level of safeguards:
– Corporate networks are fully segregated from production networks
– Corporate networks are monitored by an Intrusion Detection System
– Corporate networks and devices are analysed monthly with a vulnerability scanner
– Laptops are pre-configured with an endpoint protection and antivirus software
– Laptops hard-drives are encrypted at-rest
– Clean desk policy