CREDVUE Payment products are hosted on cloud infrastructure platforms with SOC 2 Type II and ISO 27001 certifications. These certifications ensure robust security measures, including dedicated security personnel, strict physical access controls, and comprehensive video surveillance.
CREDVUE Payment follows a patch management process to identify and resolve missing patches in the product infrastructure, ensuring all software packages remain up to date.
CREDVUE Payment has predefined incident response processes and investigation data sources, refined through regular preparation activities. Standard incident response structures are in place to ensure timely and appropriate actions.
All sessions are protected with in-transit encryption using 2,048-bit or stronger keys and TLS 1.2 or higher, ensuring data integrity and confidentiality.
CREDVUE Payment employs web application firewalls, network-level firewalls, and DDoS prevention measures to protect systems and ensure uninterrupted access.
We follow secure coding practices aligned with OWASP guidelines, conduct bi-annual application security assessments with third-party vendors, and utilize static code analysis, Software Composition Analysis (SCA), Software Bill of Materials (SBOM), and Infrastructure as Code (IAC). A comprehensive bug bounty program is in place. For more details, refer to our Responsible Disclosure Policy.
Quarterly vulnerability assessments are conducted on our network infrastructure to identify and mitigate potential risks, ensuring secure and compliant systems.
Third-party penetration testing firms perform thorough security assessments of products and infrastructure to safeguard customer data.
Regular external audits and certifications ensure compliance with industry standards, reflecting our commitment to security and operational excellence.
CREDVUE Payment maintains high availability, ensuring uninterrupted service. Customer data is protected via redundant backups and regular snapshots for disaster recovery.
Proprietary and industry-standard tools are used to monitor application, software, and infrastructure performance continuously.
Redundant failover systems mitigate single points of failure, ensuring continuous service availability.
Comprehensive disaster recovery procedures allow rapid data and application restoration. Point-in-time recovery supports restoration of data up to 35 days, minimizing downtime.
Access is strictly controlled and limited to authorized personnel within the organization.
CREDVUE Payment uses AWS cloud infrastructure, with environments isolated within private networks. Customer information is never stored on local or on-premises infrastructure, including development and testing environments.
For further details, please refer to our Privacy Policy.