Trust Centre

Security is the bedrock that guides our decision making

We are committed to keeping our clients data and have aligned our security posture to industry best practices.

Security Policies

We’ve referred to a few documents and resources on this page and we encourage you to dig into them if you want to understand more about our approach to security and trust.

Access Control Policy

The policy defines which users or user groups have access to specific networks and resources held within those networks. It includes rules governing the creation and revocation of user accounts and associated rights in addition to the creation and control of networks and networked services.

Encryption and Cryptography Policy

The purpose of this policy is to ensure that cryptographic keys are effectively and securely managed. This includes their creation and safe storage as well as the policies governing their use within the Profectus information networks and any associated client or other integration points.

Secure Software Development Policy

This policy covers the development practice for all technical staff across all Profectus developed products and services. This includes all client-facing applications as well as any software services built for Profectus internal use and any development performed by contractors or any other third-party support services. Much of this policy is derived from and supports the principles developed as a part of The Open Web Application Security Project (OWASP)

Software and Testing Policy

This policy covers all software testing activities at Profectus, including any outsourced or contracted team members. Profectus employs an Agile development methodology and aims to continually increase emphasis on automated testing. Therefore this policy is written from that perspective.

Compliance and Certification