ISO 27001 Compliance Statement and Security Measures Overview

At Solin, we recognize the importance of robust information security practices. While we are not formally ISO 27001 certified, we have meticulously aligned our procedures with the ISO 27001 framework to demonstrate our commitment to safeguarding client data. Below, we outline our security measures, referencing the relevant ISO 27001 controls and sections for transparency and accountability.

Security Statement and Measures

No. | Requirement | Applicable? | Evidence / Control | ISO 27001 Reference
1 | The supplier uses an authorization and authentication process based on the need-to-know principle. | Yes | Access control logs, role-based access control (RBAC) documentation, and audit reports. | A.9 Access Control
2 | Access rights issued are regularly reviewed by the supplier. | Yes | Regular access review reports, audit logs, and user access matrices. | A.9.2 User Access Management
3 | The supplier has a continuity plan ensuring that services can continue adequately during and after a disaster without compromising information security. | Yes | Business continuity plans, disaster recovery test results, and backup logs. | A.17 Information Security Aspects of Business Continuity Management
4 | The supplier has procedures for employing sufficiently qualified and reliable personnel. | Yes | Employee background checks and HR policies. | A.7 Human Resource Security
5 | The supplier has a code of conduct regarding information security that personnel must adhere to. | Yes | Employee code of conduct. | A.7.2 During Employment
6 | The supplier has established procedures and measures for the adequate management of company assets (hardware). | Yes | Hardware lifecycle management procedures. | A.8 Asset Management
7 | The supplier has a procedure for handling incidents. | Yes | Incident response plans, incident logs, and post-incident analysis reports. | A.16 Information Security Incident Management
8 | The supplier has procedures (where relevant) for software development, system administration, and network management. | Yes | Software development SOPs, system admin logs, and network configuration reviews. | A.14 System Acquisition, Development, and Maintenance

Additional Details on Our General Security Practices

Our adherence to these security measures is supported by a series of Standard Operating Procedures (SOPs) that guide our daily operations. These SOPs are crafted to ensure that all processes, from secure code deployment to data exchange, are carried out in alignment with recognized standards and best practices.

1. Secure Data Exchange
We use encryption and other secure methods for data transmission, ensuring that sensitive information is protected at all stages. This aligns with our commitment to maintaining the confidentiality and integrity of client data.

2. Business Continuity and Incident Response
Our business continuity plans and incident response procedures are designed to ensure minimal disruption in the event of a disaster, with a strong focus on maintaining security throughout any incident.

3. Continuous Monitoring and Improvement
We continuously monitor our systems to identify and mitigate potential security threats, ensuring that our practices evolve in response to new risks.

At Solin, our goal is to provide peace of mind to our clients by aligning our practices with globally recognized standards like ISO 27001, even in the absence of formal certification. For more information on how we protect your data, please contact us.

Focus on Security During Development: Commitment to Preventing OWASP Top 10 Security Risks

At Solin, we take the security of our custom development seriously. We understand the importance of safeguarding against the most critical security risks identified by the OWASP Top 10. While we do not currently pursue formal certifications, we have implemented robust practices to ensure our applications are secure.

Key Measures We Employ:

1. Rigorous Code Review Process
Every piece of code we develop undergoes a meticulous review process. Our experienced developers scrutinize code for potential security vulnerabilities, including those outlined in the OWASP Top 10. This manual review ensures that security is built into our applications from the ground up.

2. Penetration Testing
We regularly conduct penetration testing on our applications to identify and mitigate vulnerabilities. These tests are performed by security experts who simulate attacks to uncover weaknesses that could be exploited. We focus on addressing the risks identified by the OWASP Top 10, such as injection flaws, broken authentication, and sensitive data exposure.

3. Comprehensive Security Policies and SOPs
Our development processes are guided by comprehensive Standard Operating Procedures (SOPs) that are aligned with security best practices. These SOPs cover secure coding practices, incident response, and asset management, ensuring that all aspects of our development lifecycle are secure.

4. Asset Management and Security Controls
We maintain strict controls over our assets, including hardware used by our employees, such as laptops. We ensure that these assets are securely managed throughout their lifecycle, from deployment to decommissioning, in alignment with ISO 27001’s Asset Management guidelines (A.8).

5. Transparency and Continuous Improvement
We believe in transparency with our clients and regularly provide reports on our security practices. We are committed to continuous improvement and regularly update our processes to address emerging threats and ensure ongoing compliance with security standards.

By adopting these practices, Solin is dedicated to minimizing the risk of introducing vulnerabilities into our custom applications. Our approach ensures that security is not just an afterthought but a fundamental part of our development process.

For more details on how we protect your data, please contact us.