SOLiDPRO Cybersecurity Policy

Introduction

SOLiDPRO is committed to providing a secure and reliable platform for our clients. This Cybersecurity Policy outlines the measures in place to protect data privacy, system integrity, and the confidentiality of information within the SOLiDPRO Net-Zero Intelligence Solution.


Our cybersecurity approach employs technical, physical, and administrative safeguards to ensure the highest level of security. SOLiDPRO also supports this cybersecurity policy with ISO 27001 certification through its partner.

Software-Side Security

  • Data Encryption: All data traffic, including data collection from users and access to web-based user interfaces, will be encrypted using SSL (HTTPS) to protect against eavesdropping and unauthorized access.
  • User Authentication: User passwords will be securely hashed using the bcrypt algorithm, which is highly resistant to brute-force attacks. Strong password policies will be enforced.
  • SQL Injection Protection: To prevent SQL injection attacks, prepared statements will be used for all database interactions, ensuring that user input cannot be used to manipulate queries.
  • Cross-Site Scripting (XSS) Prevention: User inputs will be filtered to protect against cross-site scripting (XSS) attacks. This will help safeguard user data and prevent malicious code injection.
  • Logging: All user actions within the platform will be logged for auditing and monitoring purposes. This will enable the detection of suspicious activities and rapid incident response.
  • Code Analysis: Regular static code analysis will be performed on the platform's software source code to identify and mitigate potential security issues promptly.

Server-Side Security

  • Network Access Control: Only the user-facing application servers will be accessible from the Internet. Other servers, such as the database and auxiliary servers, will be located inside a virtual private network (VPN) to restrict access.
  • Firewall and VPN: Firewall rules can be configured to limit service access to specific IP ranges, and VPNs can also be utilized to further restrict access. This adds an extra layer of security by controlling who can access the platform.
  • Server Log Monitoring: Server logs will be continuously monitored for suspicious traffic patterns and potential security breaches. Any unauthorized access attempts will be investigated and addressed promptly.
  • Brute-Force Protection: To mitigate brute-force attacks, rate limiting will be applied to incoming requests, and repeated unauthorized login attempts will result in temporary or permanent bans.
  • Patch Management: Regular security patches and updates for the operating system and all software components will be applied promptly to address known vulnerabilities and enhance system security.
  • Data Backup: Daily backups will be made and transferred off-site for safe storage, ensuring data integrity and disaster recovery readiness.

Conclusion

This Cybersecurity Policy demonstrates our commitment to maintaining the security and integrity of the SOLiDPRO Sustain Platform. We continuously strive to improve our security measures and stay vigilant against emerging threats. Security is a shared responsibility, and we expect all users to adhere to these policies and best practices to protect our system and data.