Information security

Last updated: 4th May 2023


At Connexio, safeguarding your data is a crucial responsibility that we take very seriously. We believe in transparently communicating our security practices to our customers, enabling them to understand our approach and commitment.

Organizational Security

Connexio has developed a security program that adheres to the global ISO27001 standard. This program is managed by our Chief Information Security Officer (CISO), who ensures that appropriate security measures are in place and regularly evaluated and improved.

Compliance and Regulations

Connexio meets the highest security standards and implements processes and technical solutions that enable our customers to comply with their regulatory requirements. These include, but are not limited to, the ISO27001 standard, GDPR, CCPA and SOC2 Type 1. Where necessary, we use external credit card processing services.

Protection of Our Customers’ Data

Our security program centres around preventing unauthorized access to our customers’ data. We have implemented a security control system that is associated with the entire information life cycle, and we handle all data in a well-defined manner.

Information Handling

We classify all information assets according to a developed classification matrix and distribute designated roles and ownership throughout the organization. In general, the data we process is related to cost monitoring and originates from sources that our customers already use.

Data in Transit

We transfer all data using strong Transport Layer Security (TLS 1.2) encryption between the customer’s service and our various services.

Data at Rest

We encrypt all data at rest using the Advanced Encryption Standard (AES256), and our product operates in a Virtual Private Cloud, logically separating each customer’s data.

Risk Management

Risk management is central to our activities, and we continuously identify, assess, manage, and report risks to which we may be exposed. We assess risk based on probability and impact using an established model.

HR Security

We actively work to ensure that our employees and consultants understand their responsibilities, are suitable for their roles, and are continuously trained. Prior to employment, we conduct thorough background checks that include credit history and criminal records.

Onboarding and Offboarding

We follow a strict onboarding process that includes signing an Acceptable Use Policy and security introduction sessions. Similarly, we have a predetermined offboarding process that includes communicating the ongoing liability of confidentiality clauses.

Security Awareness

We have established an awareness program that runs throughout the year, which includes training for general and targeted threats. Additionally, we conduct phishing simulation tests.

Disciplinary Process

We have a robust disciplinary process that determines appropriate actions when a security breach occurs.

Access Management

We have implemented access management controls that ensure only authorized individuals can access our services. We use authentication controls such as Multi-Factor Authentication, hardware tokens, and Single Sign-On to secure our accounts. Privileged access is limited to authorized personnel only and regularly reviewed.

Customer Authentication Options

We offer Single Sign-On and Multi-Factor Authentication options for our customers through OKTA, Google, and Azure AD.

Physical Security

The Connexio SaaS operates on AWS, relying on its data centre security controls. We continuously monitor the compliance of these controls through independent reports. Additionally, our office facilities have industry-standard physical security protection.

Secure Development

We follow a robust development process where security is an integral part of the various development phases. All changes to source code are subject to code review and performance analysis. Before updating production services, all contributors are required to commit that their changes are working as intended in the staging environment. We are cautious when using third-party software.

If you have any questions regarding our information security policy or processes, please contact our CISO at support@connexio.co.
