SECURITY POSTURE.
How we run our infrastructure, protect client data, and respond to incidents. The same standards apply to our agency work and to our products.
1. Infrastructure
Production systems run on hardened cloud infrastructure with isolated tenancy per client. Secrets are stored in a managed vault. No shared credentials, no developer laptops in the trust boundary.
2. Access control
SSO + MFA on every internal system. Role-based access on engagements. Access logs retained for twelve months. Quarterly access reviews.
3. Data handling
Client data is encrypted at rest (AES-256) and in transit (TLS 1.3). We minimize collection: if we don't need it for the deliverable, we don't take it.
4. Vulnerability management
Automated dependency scanning on every commit. Static analysis on pull requests. Annual third-party penetration test.
5. Responsible disclosure
Found a vulnerability? Email abbas@getcyberregnum.com with reproduction steps. We respond within two business days. No legal threats, no NDAs required.
6. Sub-processors
A current list of sub-processors is provided on request as part of engagement onboarding.