Dorado Software is diligent about all aspects of security. This document outlines our high-level policies and procedures to ensure information security and data protection.
Organizational Security
Supply Chain Security
We recognize that our customer inherits any/all potential security vulnerabilities that exist in any installed software. As a result, we go above and beyond even the strictest standards to ensure that our software does not expose our customers to any unnecessary risks.
Physical Security
The first line of security is physically restricting access. Policies and procedures are in place to govern the safe storage of corporate, personal, and customer data, including:
- Corporate and customer hard copy data is stored in locked facilities requiring multiple physical access methods
- Security cameras monitor daily access
- Printing or distributing data must follow security procedures that prevent unauthorized access to, or distribution of, private data
Network Security
Securing digital data and access to digital data is managed by the security team. The security team uses the latest technologies to prevent electronic intrusion and data breaches. These include:
- Intrusion detection/prevention systems
- Virus scanning
- Firewalls
- Secure communication with the highest levels of encryption
- Strict electronic data access controls and monitoring
- Production network change and patch management
- Secure communication protocols
Personnel
Educating employees and constant emphasis on security is an effective way to maintain a high-security mindset. Personnel security includes:
- Employee screening to identify potential security risks
- Employee onboarding, including the requirement to review security policies and procedures
- The standard requirement for review and sign-off for security policies/procedures
- Access restriction to physical areas
- Access restriction to electronic data
- Frequent and complex password updates
- Consequences for violating security protocols
Business Continuity
Our customers' business may be at risk if we are unable to provide ongoing maintenance and support of our products. A well-constructed business continuity plan provides the ability to recover quickly from a catastrophic event ensuring that there is no impact, or minimal impact, to our customers. Our plan includes:
- Regular, secure, and protected data backup with off-site storage
- Cloud-hosted business services
- Tested recovery plan
- Facility power redundancy
- Network redundancy
- Fire prevention/control systems
Product Security
Software Development
Our development teams use the Agile methodology to develop secure and robust software products. Agile is an iterative process that allows us to respond quickly to changing customer requirements while maintaining strict development standards. Security is an integral part of the development process and the quality assurance program, from design through implementation and quality control. Along with security best practices in development, the test cycle also includes scanning for known vulnerabilities, security scans, client- and server-side security testing, and penetration testing. Source code is accessible only to authorized personnel, and modifications are scrutinized for adherence to security best practices and for undocumented entries.
Incident Management
If an incident occurs and a new vulnerability, security issue, or data breach is discovered, there are formal policies in place that determine the response. These policies identify the responsible parties and how to follow up and notify the affected customers. The response team is responsible for analysis of the incident to determine scope and severity as well as resolution and process improvement analysis to capture future preventative measures.