Keeping our clients' data secure is an absolute top priority at slikk. Our goal is to provide a secure environment while also being mindful of application performance and the overall user experience. To report a vulnerability or other security concern, send an email to email@example.com.
SOC 2 Compliance
Security and trust are integral at slikk. We have achieved audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification ensures our organizational and technology controls are independently audited at least annually. Please contact firstname.lastname@example.org for slikk's latest report.
Data Center Security
slikk customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third-party assessments to ensure complete and ongoing state-of-the-art data center security. AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here.
All slikk web application communications are encrypted over 256-bit SSL, so they cannot be viewed by a third party; this is the same level of encryption used by banks and financial institutions. All data for slikk is encrypted at rest using AES-256 encryption. slikk maintains ongoing PCI compliance, abiding by stringent industry standards for storing, processing and transmitting credit card information online. slikk actively monitors ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract a third party for penetration testing.
slikk's infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete data and access segregation, firewall protection, and other security features.
slikk employs strict security standards and measures throughout the entire organization. Every team member is trained and kept up to date on the latest security protocols. We regularly undergo testing, training, and auditing of our practices and policies.
1. Purpose, Scope, and Organization
What is this document, why does it exist, what does it cover, and who is in charge of it?
This policy defines behavioral, process, technical, and governance controls pertaining to security at slikk that all personnel are required to implement in order to ensure the confidentiality, integrity, and availability of the slikk service and data (“Policy”). All personnel must review and be familiar with the rules and actions set forth below.
This Policy defines security requirements for:
- all slikk employees, contractors, consultants and any other third parties providing services to slikk (“personnel”),
- management of systems, both hardware and software and regardless of locale, used to create, maintain, store, access, process or transmit information on behalf of slikk, including all systems owned by slikk, connected to any network controlled by slikk, or used in service of slikk’s business, including systems owned by third-party service providers, and
- circumstances in which slikk has a legal, contractual, or fiduciary duty to protect data or resources in its custody.
In the event of a conflict, the more restrictive measures apply.
1.1. Governance and Evolution
This Policy was created in close collaboration with and approved by slikk executives. At least annually, it is reviewed and modified as needed to ensure clarity, sufficiency of scope, concern for customer and personnel interests, and general responsiveness to the evolving security landscape and industry best practices.
1.2. Security Team
The slikk security team oversees the implementation of this Policy, including:
- procurement, provisioning, maintenance, retirement, and reclamation of corporate computing resources,
- all aspects of service development and operation related to security, privacy, access, reliability, and survivability,
- ongoing risk assessment, vulnerability management, incident response, and
- security-related human resources controls and personnel training.
1.3. Risk Management Framework
The security team maintains a Risk Management Framework derived from NIST SP 800-39 - “Managing Information Security Risk: Organization, Mission, and System View” and NIST SP 800-30 - “Guide for Conducting Risk Assessments”. Risk assessment exercises inform prioritization for ongoing improvements to slikk’s security posture, which may include changes to this Policy itself.
Our Risk Management Framework incorporates the following:
- Identification of relevant, potential threats.
- A scheme for assessing the strength of implemented controls.
- A scheme for assessing current risks and evaluating their severity.
- A scheme for responding to risks.