1. Program overview
SoftGrid operates a documented information-security program aligned with ISO/IEC 27001 controls. Audits and penetration tests are performed annually.
2. Application security
- Secure SDLC with mandatory peer review and SAST/DAST scanning.
- Dependency monitoring and patch SLAs (critical: 72h, high: 7d).
- Least-privilege access with SSO + MFA for all engineers.
3. Data protection
- TLS 1.2+ in transit; AES-256 at rest.
- Customer data isolated per tenant; key management via cloud KMS.
- Backups encrypted and tested quarterly.
4. Infrastructure
Workloads run in ISO 27001 / SOC 2 certified European data centers. Network segmentation, WAF, and DDoS protection enabled.
5. Incident response
24/7 on-call rotation. Customers are notified of confirmed incidents within 72 hours per GDPR Art. 33.
6. Responsible disclosure
Report vulnerabilities to security@softgrid.example.com. PGP key available on request. We commit to acknowledging within 2 business days.