Zentitle2 implements a protocol for handling security events and other operational issues which includes escalation procedures, rapid mitigation, and post-mortems. You can visit our status page for updates.
We have a team of engineers on staff monitoring our infrastructure for cybersecurity events or threats.
Our staff uses the Drata Security & Compliance Automation Platform and independent third-party testers to monitor, secure and test our platform continuously.
Nalpeiron, Inc. also maintains Cyber Liability Coverage for $1,000,000.
Zentitle2 ensures that your data is handled securely and complies with the Data Privacy Framework. The European Union (EU)-United States (US) Data Privacy Framework (DPF) serves as the primary personal data transfer mechanism for EU-US, UK-US and Swiss-US personal data transfers. You can visit our privacy page for details.
Nalpeiron has a dedicated European Union (EU) Representative with the Prighter Group.
Nalpeiron certifies to the Data Privacy Framework Program.
You can find our record at the DPF program website at https://www.dataprivacyframework.gov/s/participant-search
Zentitle encrypts your data in transit and at rest. We use modern cryptographic algorithms like AES256/HTTPS and follow key management best practices with strict user access control.
We use the OAuth standard to authenticate you and for access to our APIs.
Single tenant option: total flexibility in the build, location, security, and structure of your deployment.
Need a different security setup? We can build what you need on your choice of hyperscaler.
Data is backed up using best-in-class AWS tools and kept in multi-region storage.
- Point in time recovery -> 35 days
- Weekly Full -> 3 months
- Monthly Full -> 3 months hot storage, forever in cold storage
TurboScale: dynamically scales Zentitle2 (and all the key elements of the platform) up and down as traffic increases or decreases, to ensure high availability no matter the traffic volume.
Zentitle2 is hosted on Amazon Web Services and is designed with resilience and continuity in mind. Key measures include:
- Multi-AZ Deployment: Our database spans multiple Availability Zones (AZs) within an AWS Region. This ensures uninterrupted service even during AZ outages.
- Application Server Resilience: Our application servers operate across multiple AWS AZs, automatically scaling and maintaining high availability.
- Autohealing: Our application services are configured for autohealing. If a server instance fails, the system automatically replaces it with a healthy instance. This proactive approach minimizes downtime and ensures seamless service delivery.
- Infrastructure as Code (IaC): We use Infrastructure as Code to define our entire infrastructure. In case of a disaster, we can swiftly recreate our environment.
- Testing and Monitoring: Regular drills validate our recovery procedures. Monitoring alerts us to anomalies.
We conduct extensive security-design reviews and regular penetration tests. All employees and contractors complete security training, including topics like information security, data privacy, and password security. They also sign a confidentiality agreement before working for Nalpeiron.
Our approach will always be to provision on a ‘need-to-know’ basis. Only a limited number of skilled engineers, whose job function is to support and maintain the Zentitle2 environment, are permitted access to our production environment. SSH keys and credentials are rotated regularly and 2-factor authentication is enforced whenever possible.
Application Security (SAST)
We use advanced code scanning and cloud vulnerability assessments to identify potential problems before deployment. We scan our containers and dependencies for known vulnerabilities to continuously improve our security posture.
Zentitle2 runs a SAST engine based on best-in-class open-source scanners. This module's goal is to find security issues in our code and run reports for our Customers' cybersecurity reviews.
Cybersecurity Reports
We can generate reports that can be used as part of your cybersecurity assessment. The documents include SBOM (Software Bill of Materials) and SAST (Static Application Security Testing) reports that form part of our Software Development Lifecycle. SAST is performed automatically on all production repositories and Docker containers.
To request the latest Nalpeiron security audit report, follow the Help menu in Zentitle2, where you can create a Support Ticket and ask for a secure link to the latest reports.
In addition to our internal testing, we hire an external firm each year to conduct penetration testing at the network and application levels.
We use risk assessment tools from Drata to run regular internal audits.
Customers can centrally manage their access to Zentitle using single sign-on (SSO) that has 2FA as standard. Zentitle data is encrypted at rest and in transit, and actions are recorded in an audit log.
Payment processing is done by Stripe, which handles any credit card information for any of our customers. Stripe is certified to PCI Service Provider Level 1, which is the most stringent level of PCI DSS certification available.
Our cloud providers (AWS and Azure) comply with industry-leading security practices and frameworks, including SOC 2, ISO 27001, and PCI DSS. AWS and Azure data centers are monitored by 24×7 security, biometric scanning, video surveillance and more.
Reliability, scalability, trust and security are core to our commitment to our customers. Our enterprise-grade security features and comprehensive audits ensure we're aligned to industry best practices. Zentitle2 adheres to data security, availability and confidentiality standards developed by SOC 2. AWS and Azure are SOC 2 and ISO 27001 certified.
Our systems are constantly monitored using the Drata Continuous Control and endpoint Monitoring platform.
Zentitle is in the process of getting SOC 2 Type 2 approval.