Security practices
at Cense.
At Cense, we treat the security of client data and that of our infrastructure with top priority. Bearing this in mind, we design our systems following the principle of “defense–in-depth”, which involves employing multiple layers of security controls to protect against a wide range of threats and vulnerabilities. This approach aims to create a resilient security posture that can withstand even sophisticated attacks.
With a relentless commitment to security, our product not only helps you onboard clients who own digital assets but also ensures regulatory compliance in the ever-evolving landscape of financial technology.
Why security matters.
Security is not just a priority; it’s a fundamental pillar of our company ethos. In the financial services sector, trust is paramount. A single security breach can lead to catastrophic consequences, including financial losses, reputational damage, and legal repercussions. As stewards of sensitive financial data, it is our duty to provide a robust security infrastructure that exceeds industry standards.
Customer centric security.
Understanding the significance of security for our clients, we have embedded a multi-layered security framework into our product and the underlying infrastructure. This includes:
Data Classification
Protection and Retention: Recognizing the sensitivity and regulatory implications of financial data, we follow strict data classification and retention policy. This policy ensures that data is categorized based on its sensitivity, and appropriate security controls are applied accordingly. Additionally, we adhere to strict retention schedules, facilitating the timely disposal of data that is no longer required for operational or regulatory purposes.
Regular Employee Training: Our staff undergoes regular training to stay abreast of the latest security threats and best practices. A well-informed team is the first line of defense against potential security breaches.
End-to-End Encryption
All data, both at rest and in transit, is encrypted using industry-leading algorithms, ensuring the confidentiality and integrity of your valuable information.
Access Controls
Our platform employs rigorous access controls, allowing you to define and manage user permissions with precision. Role-based access ensures that only authorized personnel can access sensitive data. Access is terminated in a timely manner, accompanied by periodic user access reviews.
Secure Software Development
Our AML solution is built on the foundation of secure software development practices. We adhere to industry-recognized methodologies such as DevSecOps, integrating security throughout the software development lifecycle. Code reviews, static and dynamic analysis, and regular security testing are integral components, ensuring that potential vulnerabilities are identified and addressed early in the development process. Asset Management: Understanding the criticality of asset management in securing financial data, we implement robust systems to track and manage assets throughout their lifecycle. This includes regular inventories, monitoring, and classification of assets. By maintaining a comprehensive understanding of our infrastructure and data assets, we ensure that security controls are effectively applied to protect against security threats.
Continuous Security Monitoring
Real-time monitoring of system activities enables us to detect and respond to security incidents promptly. This proactive stance is crucial in mitigating potential risks before they escalate.
Incident Response Planning: We have a robust incident response plan in place, ensuring that in the unlikely event of a security incident, we can swiftly and effectively mitigate the impact, minimizing downtime and data exposure. This also includes Disaster Recovery and Business Continuity Planning for uninterrupted operations.
Physical Security
Leveraging infrastructure provided by key Infrastructure-as-a-Service (IaaS) providers, we extend the highest level of physical security to our clients. The data centers of our chosen IaaS providers undergo rigorous assessments by external auditors, ensuring compliance with industry standards and regulations. This commitment to physical security safeguards against unauthorized access, environmental threats, and other physical risks, providing an additional layer of protection to our clients’ data.
Regular Security Audits
We conduct security audits regularly, employing third-party experts to evaluate our systems and identify potential vulnerabilities.
SOC 2 compliance
Our security measures align with SOC 2 requirements for the Security and Availability Trust Criteria, which has been confirmed by an external audit firm by issuing us a SOC 2 Type 1 report. Please reach out if you would like to receive a copy of the report.
Why choose Cense.
In choosing Cense, you are not just investing in a cutting-edge product; you are choosing a security partner dedicated to safeguarding your organization’s integrity and reputation. Our commitment to security best practices and customer-centric security measures ensures that your data remains secure, regulatory requirements are met, and your organization can confidently navigate the complexities of the financial services landscape.
Please refer to the Trust Center or reach out directly to security@cense.com for a detailed breakdown or discussion of our security practices.