Security

Our goal is to provide a robust and secure environment while delivering great application performance and overall user experience.

Compliance

ISO 27001:2022

Cyber Essentials certified

GDPR

Product security

SSO & User Provisioning
SAML Single Sign-on (SSO) allows users to be authenticated via a third-party identity provider (IdP) without having to enter additional login credentials on the platform.

User Provisioning provides the ability to add, manage and remove users and groups on an account via third-party providers, including Azure Active Directory and Okta.

Two Factor Authentication (2FA)
Two-factor authentication (2FA) can be enabled for an additional layer of security. 2FA operates via email or via a mobile authentication app.

User Roles and Groups
User permission controls are available within the software so that the correct level of access can be applied to the relevant users. Users can also be segmented into Groups. Permissions are customised when creating Roles in the software, and Roles are then assigned to users to provide different levels of access.

Password Encryption
Strong passwords are enforced, and stored passwords are hashed using Bcrypt.

User Responsibility
Users are responsible for keeping their passwords protected at all times and for not sharing them with other users. We recommend that each user updates their own password every 60 days and does not leave their account logged in when their desktop or laptop is unattended.

Uptime
Our uptime target is 99.9% or higher, 24/7.

Network and datacenter security

Hosting and storage
Our services and data are hosted within our own Virtual Private Cloud on the Google Cloud Platform, in the London (europe-west2) region, across multiple zones for high availability.

For Google cloud compliance see https://cloud.google.com/security/compliance/

Media files are hosted in Rackspace Cloud Files.

For Rackspace compliance see https://www.rackspace.com/en-gb/compliance

Recovery / backup
Our databases have high availability enabled, meaning that in the event of a zonal outage within the London region, or when an instance runs out of memory, data remains available and services continue to operate.

In the event of database corruption or loss of data, our databases have point-in-time recovery enabled, which allows us to restore a database to its state before the error occurred.

Media file backups are uploaded to our Rackspace Cloud Files account, which moves the backup files into 3 different storage locations within the UK datacentre for redundancy.

Employee Access
Access to customer data is limited to authorised employees only. These employees require this level of access to perform their job.

We run a zero-trust corporate network, with strong rules in place to prevent unauthorised access to data. This ensures there are no additional privileges or resources available simply by being on the embed signage corporate network.

We enforce the use of SSO, MFA and strong password policies on our network, GitHub, Google Cloud Platform and our own platform to ensure access is protected.

Monitoring
Network, system and application logs including audit logs are sent to our SIEM tool for analysis.

All servers and endpoints have agents installed to continuously monitor for malicious activity and vulnerabilities. A vulnerability management program is in place to ensure software patches are applied as quickly as possible.

Encryption
The platform is served entirely over HTTPS, and all data sent to and from it is encrypted in transit using 256-bit encryption, with TLS 1.2 as the minimum protocol version. The platform scores an "A" rating on the Qualys SSL Labs test.

We only use the strongest cipher suites and all data is encrypted at rest using AES-256 encryption.

Incident Response

We have processes in place to deal with any security incidents. All employees are informed of these processes and policies.

Application security

CI/CD pipeline with enforced checks and code reviews
Our development team uses a strong CI/CD (continuous integration/continuous delivery) pipeline with enforced checks and code reviews.

SAST, SCA, IaC tests
Static Application Security Testing (SAST) is in place to ensure only secure code is deployed.

Software Composition Analysis (SCA) is also in place to ensure that any open source or third-party software we use is secure and free from vulnerabilities.

Infrastructure as Code (IaC) scanning is also used to ensure there are no misconfigurations in the cloud environment.

Vulnerability Scanning
Our services are continuously scanned for vulnerabilities using third-party security tools, and the security team handles any issues raised as a priority.

Production vs Staging
All changes are tested on a staging environment prior to deployment to avoid any vulnerabilities and downtime in production.

Employee security

Security Awareness Training
All employees undergo security awareness training annually and receive simulated tests throughout the year to ensure they are kept up to date with the latest security threats.

Secure Code Training
Employees who are required to access and/or edit the product code also undergo secure code training.

Confidentiality Agreements
Non-disclosure (confidentiality) agreements must be read and signed by all employees.

Policies
We have a set of security policies covering a range of topics. These policies are updated as required and shared with all employees.
