Security & Compliance
At PatchFox, we take cybersecurity seriously and are committed to providing comprehensive solutions to safeguard your organization’s digital assets and sensitive information. Our expertise lies in assisting businesses like yours in achieving and maintaining robust security measures and regulatory compliance.
Access Controls
Staff access to tools, services, and data follows the need-to-know and least-privilege principles. Two-factor authentication is used where appropriate.
Application Security
AppSec is practiced using a secure lifecycle, including requirements, design, coding, testing, deployment, hosting, and maintenance activities. We use OWASP best practices, automated security testing tools, and CVSS severity ratings to facilitate vulnerability prioritization and management.
Cloud Services
PatchFox uses cloud service providers for application hosting, corporate communication such as email and document storage, and other back-office tools. We secure our cloud instances using native and third-party tools, and good practices. Defense-in-depth approaches are used within the network architecture and cloud services infrastructure.
Refer to https://learn.microsoft.com/en-us/azure/compliance/ for Microsoft Azure compliance documentation.
Data Privacy
Sensitive data is encrypted in transit and at rest. Periodic data backups support data recovery and recovery from service disruptions. Data in transit is encrypted by way of HTTPS. Data at rest is encrypted using AES-256. Refer to https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview for more information about how data is encrypted at rest in Azure.