Security and compliance, built into everything we do

We protect client data at rest and in transit. Our approach spans internal processes, leading standards like ISO 27001, and regulations like the GDPR.

ISO 27001

  • As of November 2022, Easygenerator is ISO 27001 certified. ISO 27001 is the leading organizational and data security standard in the tech industry.
    Easygenerator has in place an ISO 27001-certified ISMS (Information Security Management System) containing all the company’s internal policies and procedures.
  • Easygenerator has a risk-based approach to information security, with annual risk assessments, mitigations, and subsequent management reviews.
  • A Management Steering Committee, consisting of Easygenerator’s Top Management Members, takes final responsibility for all information security concerns.

SOC II Type 2

  • As of July 2024, Easygenerator is certified compliant with the SOC II standard.
  • This signifies that our systems and processes have undergone a thorough, independent audit over a period of twelve months, ascertaining that we consistently implement industry-standard security controls to protect your data.
  • This rigorous certification underscores our commitment to data security, availability, and confidentiality.

GDPR

  • With many of Easygenerator’s top clients being based out of Europe, Easygenerator has, for many years, been fully GDPR compliant.
  • All of our client agreements follow the GDPR Schedules, with accompanying Data Processing Agreements.
  • All Easygenerator’s subprocessors also have binding GDPR-compliant Data Processing Agreements with us, making the transfer of data between us and them fully secure.
  • Easygenerator has a dedicated data protection officer, and a [email protected] channel for data subjects to reach out to regarding their GDPR-given rights to their Personal Data.

Infrastructure Security

  • Our Application is hosted on the industry-leading infrastructure services provider Amazon Web Services (AWS).
  • Our Data center is based in the AWS EU Central region.
  • Virtual private cloud, closed network with protected perimeter
  • We use a suite of state-of-the-art AWS security services including Security Hub, CloudWatch and CloudTrail
  • We manage cloud governance and security management with AWS IAM and Vault

Scalability & Availability

  • Microservices architecture with automated deployment, horizontal scaling and failover.
  • High availability with different availability zones.
  • Global content delivery mechanism with services from Cloudflare.

Data Protection

  • Privacy by design and by default
  • Encryption for data while both at rest (AES 256) and in transit (TLS 1.2)
  • Logical separation of customer data with multi-tenant database
  • Minimal data collected and processed with data minimization
  • No retention of any personal data post end of services

Application Security

  • SaaS application developed based on OWASP coding guidelines
  • Source code protection
  • Secure SDLC (architecture reviews, threat modelling, secure code review, test plans)
  • Assess code, logic, and application inputs to detect software vulnerabilities and threats.
  • Weekly performance and security patch updates to the SaaS application.
  • Technical Vulnerability assessments on regular basis
  • Annual Penetration Testing by reputed third party.

Endpoint security

  • Host and Endpoint security including AV, EDR, EPP, FIM and HIDS.
  • Web Application Firewall
  • IDS/IPS/DDos/WAF security services from industry leading CDN partner Cloudflare.
  • Data transfer over secure HTTPS channel only.

Identity and Access Control

  • Use of Privileged Accounts
  • Two-factor Authentication
  • Access is role-based, granted on a strict need-to-know basis.
  • Principle of least privilege in place.
  • Regular access control assessments

Logging, Monitoring, SIEM, Threat Detection & Analytics

  • Centralized logging, reporting, and analysis of logs to provide visibility and security insights
  • SIEM solution for the infrastructure, application monitoring in place
  • Alert system for any sort of abnormal activity

Business Continuity

  • Robust business continuity plan (BCP) 
  • Multi disaster recovery sites.

Organizational Security

  • Internal audit and review
  • Security assessment of the sub-processors
  • Review of audit reports and certifications of sub-processors
  • Data processing agreements (DPAs) in place with all sub-processors
  • International transfer of data guided by standard contractual clauses.
  • ISMS in place in conformance with ISO 27001 framework
  • All business processes are GDPR compliant