Security & Compliance Policy


Last Updated: March 26, 2025

At Aetegis (https://www.Aetegis.com), security and compliance are foundational to our operations. As a leader in cybersecurity development, blockchain solutions, and data protection, we adhere to the highest standards to safeguard our clients, partners, and systems. This policy outlines our security practices, compliance frameworks, and risk management approach.


1. Security Principles

We operate under the following core security principles:

A. Confidentiality

  • Data Encryption: AES-256 for data-at-rest, TLS 1.3+ for data-in-transit.
  • Access Control: Role-based access (RBAC) and multi-factor authentication (MFA) for all internal systems.

B. Integrity

  • Tamper-Evident Records: Blockchain-secured audit logs and cryptographic hashing (SHA-3), so that any alteration of a recorded entry is detectable.
  • Code Integrity: All software undergoes code signing and verification.

C. Availability

  • Uptime: 99.9% SLA for critical services.
  • Resilience: DDoS protection, geo-redundant backups, and failover systems.

2. Compliance Frameworks

We align with globally recognized standards:

Framework       Scope                                 Status
ISO 27001       Information Security Management       Certified
SOC 2 Type II   Data Privacy & Operational Security   Certified
GDPR            EU Data Protection                    Fully Compliant
CCPA            California Consumer Privacy           Fully Compliant
NIST CSF        Cybersecurity Best Practices          Implemented
HIPAA           Healthcare Data Protection            Compliant where healthcare data is processed

3. Cybersecurity Practices

A. Secure Development (DevSecOps)

  • Code Audits: Static (SAST) & dynamic (DAST) analysis for vulnerabilities.
  • Blockchain Security: Smart contract audits (e.g., CertiK, ConsenSys Diligence).
  • Penetration Testing: Quarterly third-party red-team exercises.

B. Infrastructure Security

  • Cloud: AWS/GCP/Azure with zero-trust architecture.
  • Endpoint Protection: CrowdStrike Falcon, SentinelOne.
  • Network: Next-gen firewalls, IDS/IPS, and segregated VLANs.

C. Data Protection

  • Encryption: AES-256 for stored data, TLS 1.3+ for transmissions.
  • Pseudonymization: Applied for GDPR/CCPA compliance.
  • Blockchain: Immutable audit trails for critical operations.

4. Incident Response

  • 24/7 Monitoring: SIEM (Splunk) with automated alerts.
  • Breach Protocol:
    1. Containment: Isolate affected systems within 1 hour.
    2. Investigation: Root-cause analysis completed within 72 hours.
    3. Notification: GDPR-compliant reporting to the supervisory authority within 72 hours of becoming aware of a personal-data breach.
    4. Recovery: Full system restoration within 7 days.

5. Third-Party Risk Management

  • Vendor Requirements: ISO 27001 certification or equivalent.
  • Assessments: Annual security reviews for cloud providers (AWS, Azure).

6. Employee Training

  • Mandatory Programs:
    • Quarterly phishing simulations (98% pass rate required).
    • Secure coding training for developers.
  • Background Checks: Conducted for all hires.

7. Compliance Documentation

  • Available Upon Request:
    • SOC 2 Type II Reports
    • Data Processing Agreements (DPAs)
    • ISO 27001 Certification

8. Contact

For security inquiries or to report vulnerabilities:
🔒 Email: info@aetegis.com
🔐 PGP Key: Download Here

Note: This policy is reviewed biannually (next review: September 26, 2025).