Your Security is Our Topmost Priority

Ewritesonic ensures continuous monitoring and enhancement of security controls, referencing industry best practices and conformity with established security principles like the AICPA Trust Services Principles.

Ewritesonic engages reputable third parties to conduct independent assessments, including SOC 2 reports, to validate the effectiveness of security measures and maintain transparency with stakeholders about security compliance.

Ewritesonic performs annual network and application penetration tests through an independent security firm. Resolve issues promptly and keep leadership informed on the status of the security landscape.

Ewritesonic implements least privilege and role-based access controls, review user access semi-annually, and ensure that Multi-Factor Authentication (MFA) is required for accessing sensitive infrastructure and systems.

Ewritesonic utilizes robust cloud hosting providers like AWS, GCP, and Microsoft Azure to store and manage data, ensuring that all instances are hardened and employ serverless architectures for high service availability.

Ewritesonic encrypts all customer data in transit and at rest using strong encryption methods such as TLS 1.2+ with AES256 for data in transit, and AES256 for data at rest, while safely managing encryption keys with limited access.

Ewritesonic provides employees with managed workstations equipped with disk encryption and anti-malware protection, and enforces policies for automatic updates and idle lockout.

Ewritesonic applies centralized logging for all production systems to detect and respond to potential compromises. Ensuring that security incident responses are tracked to resolution by a robust incident response plan.

Ewritesonic utilizes firewalls configured to deny unsolicited incoming traffic, perform annual reviews, and leverage additional security layers like IDS, WAF, and CDN to protect against advanced threats.

Ewritesonic mandates comprehensive security awareness training for all employees upon hire and annually thereafter. Enforces policies that include the completion of background checks and the signing of confidentiality agreements.

Ewritesonic embraces a secure software development lifecycle (SDLC), including code review and automated testing. Regularly update and maintain code management processes to swiftly address vulnerabilities and apply necessary enhancements.

Ewritesonic carefully evaluates third-party service providers to ensure that they adhere to security requirements that match the company’s standards to protect processed data.