Organizational Security
Information Security Program
Yariex Group Corp maintains an Information Security Program that aligns with the SOC 2
framework, ensuring the confidentiality, integrity, and availability of client data. This program is
regularly communicated to maintain a strong security posture.
Third-Party Audits
We will undergo third-party audits as part of our SOC 2 certification process to independently
validate our security and compliance controls.
Third-Party Penetration Testing
We conduct third-party penetration tests biannually to ensure our security posture remains
uncompromised.
Roles and Responsibilities
All roles and responsibilities related to security and data protection at Yariex are clearly defined
and documented. Our team members regularly review and follow security policies in line with
SOC 2 compliance requirements.
Security Awareness Training
All employees must complete security awareness training covering industry-standard
topics such as phishing, password management, and secure coding practices.
Confidentiality
All team members sign a confidentiality agreement upon joining Yariex to protect sensitive
information.
Background Checks
We perform background checks on all new hires in accordance with local laws to maintain the
security and integrity of our team.
Cloud Security
Cloud Infrastructure Security
Our services are hosted on Amazon Web Services (AWS), which provides a robust security
infrastructure with multiple certifications, including SOC 2. For more information, please visit
AWS Security.
Data Hosting Security
We store all data in AWS data centers within regions that meet our data sovereignty and
privacy requirements, ensuring that sensitive information remains protected in the appropriate
jurisdictions. AWS allows us to control data residency by selecting specific regions to host our
data, ensuring compliance with regulations such as PIPEDA (Canada), GDPR (EU), and other
applicable laws as required.
For more information, refer to AWS Security Documentation.
Encryption at Rest
All databases storing sensitive information are encrypted at rest to prevent unauthorized
access.
Encryption in Transit
All communications and data transfers between our applications and servers are encrypted
using TLS/SSL to ensure data security during transmission.
Vulnerability Scanning
We perform quarterly internal vulnerability scans, with third-party scans scheduled
biannually once the platform is production-ready, to identify and address potential security risks
proactively.
Logging and Monitoring
We actively log and monitor critical events across our infrastructure to detect and mitigate
potential threats in real time.
Business Continuity and Disaster Recovery
Backup Services
Our data is continuously backed up using reliable backup services, ensuring that any hardware
failure does not result in data loss.
Incident Response
Yariex has an Incident Response Plan that includes escalation procedures, mitigation
strategies, and communication protocols to ensure rapid response to security incidents.
Access Security
Permissions and Authentication
Access to our cloud infrastructure, GitHub, and internal tools is restricted to authorized
personnel only, using the principle of least privilege.
SSO, 2FA, and Strong Passwords
We use Single Sign-On (SSO) and Two-Factor Authentication (2FA) to enhance security,
combined with strong password policies across all systems.
Quarterly Access Reviews
We review user access to sensitive systems quarterly to ensure permissions remain appropriate
based on job roles.
Password Managers
Team members must use password managers on company-issued devices to securely store
and manage credentials.
Vendor and Risk Management
Annual Risk Assessments
Yariex conducts annual risk assessments to identify and mitigate potential risks, including
security vulnerabilities and fraud.
Vendor Risk Management
Before engaging with third-party vendors, we perform comprehensive vendor risk
assessments to ensure they meet our security and compliance standards.
Contact Us
If you have any questions, comments, or concerns regarding security, or wish to report a potential
security issue, please get in touch with our support team at [email protected].