Defense in Depth (layered defensive mechanisms) and Defense in Breadth (multiple and automated security controls) are the pillars of our cyber defense strategy. Comprehensive and layered physical, technical and administrative controls are in place to protect data and to block threats before they can reach endpoints.
As today's cyberthreats are evolving and growing rapidly, we continuously review and enhance our defenses.
Security Standards and Compliance
SOC 2 is a set of compliance requirements and audit procedures for technology-based service organizations that store customer data in the cloud. Domotz continuously enforces, improves, and audits all its security-relevant controls to ensure compliance with SOC 2. Controls include physical and logical access, control environment and activities, risk assessment and mitigations, system operations, change management, communications and information. Independent auditing firms perform regular audits and issue periodic reports. Our customers can contact [email protected] to obtain the latest available SOC 2 report.
Domotz has also adopted CIS Control® as a global standard and a set of recognized best practices for securing IT systems and data against the most pervasive attacks and threats. Furthermore, Domotz is also part of the OWASP community and uses a number of OWASP tools and resources, as well as OWASP's education and training programs.
Physical & Data Centers Security
Domotz servers are hosted on Amazon Web Services (AWS), in state-of-the-art data centers with electronic surveillance, multi-factor access control, and 24/7 security guard protection.
The data centers are ISO 27001, ISO 27017, and ISO 27018 certified, and undergo regular SOC 2 Type II audits.
Domotz has adopted the best administrative, physical, and technical industry standards to protect the confidentiality of data and the security of credentials stored in the system.
Domotz uses strong cryptography and security protocols for data in transit and at rest. Cryptographic keys are managed, secured, restricted and rotated according to the recommendations of the National Institute of Standards and Technology in NIST SP 800-57 Part 1, the recommendation for the management of encryption keys.