Shopalyst has processes and controls in place to ensure that customer data is secure on our platform. Security is at the heart of our product development life cycle, achieved by ingesting security reviews/tests in every stage of software development pipeline.
User access to all applications on Shopalyst platform is secured with two factor authentication. Role based access control ensures that users can only access information they are permitted to.
Shopalyst uses DevSecOps methodology for continuous monitoring and improvement of application security. DevSecOps pipeline includes static application security testing and vulnerability scanning of hosts & containers.
Hosted in isolated private networks, Shopalyst servers are protected with advanced firewalls and next generation threat/malware detection/prevention solutions
Shopalyst servers and applications are protected from Distributed Denial of Service (DDoS) attacks and other threats such as SQL Injection and Cross-Site Scripting
All endpoint devices are protected with advanced endpoint detection and response (EDR) solutions driven by machine learning and artificial intelligence
All data in transit is secured using recommended TLS protocol versions and all applications enforce SSL traffic. Personal/sensitive data at rest is encrypted using industry standard encryption algorithms
Shopalyst applications have a guaranteed uptime of 99.5%. Redundant infrastructure, continuous monitoring and automated backups/failover mechanisms ensure minimum downtime in the event of an outage
Continuous monitoring and alerting is in place for application/infrastructure outages, critical configuration changes and other security incidents. All access to infrastructure and cloud environment is monitored and logged.
Shopalyst applications and infrastructure are periodically tested for security issues/vulnerabilities by certified 3rd party agencies
Shopalyst is SOC 2 Type 2 attested on all 5 trust service criteria - Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Principles and Criteria)
Read our Announcement here
Shopalyst applications which handle payment data is PCI DSS certified.