Wiseep Information Security Policy
1. Introduction
Wiseep provides a range of online vulnerability scanning services, including Wildcard Domain Scan, Single Domain Scan, Mobile App Scan, Code Review, Credential Scan, and Infrastructure Scan. This Information Security Policy outlines the measures taken to ensure the security and integrity of these services and the protection of customer data.
2. Scope
This policy applies to all employees, contractors, and third parties involved in the delivery of Wiseep's vulnerability scanning services. It covers all aspects of information security related to the operation, maintenance, and use of Wiseep's scanning tools and platforms.
3. Information Security Objectives
3.1. Confidentiality:
Ensure that customer data and scan results remain confidential and are only accessible to authorized individuals.
Implement access controls and encryption mechanisms to protect sensitive information from unauthorized access or disclosure.
3.2. Integrity:
Maintain the integrity and accuracy of scan results by preventing unauthorized tampering or alteration.
Implement controls to detect and mitigate any attempts to modify or manipulate scan data.
3.3. Availability:
Ensure that Wiseep's scanning services are available to customers when needed, without interruption or downtime.
Implement redundancy and failover mechanisms to minimize service disruptions and ensure high availability.
4. Service-Specific Security Measures
4.1. Wildcard Domain Scan:
Implement robust authentication mechanisms to verify the identity of customers and prevent unauthorized access to scan results.
Encrypt scan data during transmission and storage to protect against interception or eavesdropping.
4.2. Single Domain Scan:
Limit access to scan results to authorized individuals with a legitimate need to know, such as security analysts or system administrators.
Monitor access logs and audit trails to detect and prevent unauthorized access or misuse of scan data.
4.3. Mobile App Scan:
Implement mobile app scanning tools with built-in security features to detect vulnerabilities and security weaknesses.
Ensure that customer data collected during mobile app scans is handled in accordance with privacy regulations and best practices.
4.4. Code Review:
Conduct code reviews in a secure environment with restricted access to source code and related documentation.
Implement version control and change management processes to track modifications to code and ensure traceability.
4.5. Credential Scan:
Protect customer credentials used during scanning activities with strong encryption and secure storage mechanisms.
Limit access to credential data to authorized personnel and enforce strict access controls to prevent unauthorized disclosure.
4.6. Infrastructure Scan:
Conduct infrastructure scans using secure and reliable scanning tools that are regularly updated to address new threats and vulnerabilities.
Implement network segmentation and isolation to prevent unauthorized access to sensitive systems and resources.
5. Compliance
5.1. Regulatory Compliance:
Ensure compliance with relevant laws, regulations, and industry standards governing the security and privacy of customer data, including GDPR, HIPAA, and PCI DSS.
Conduct regular audits and assessments to validate compliance with regulatory requirements and industry best practices.
6. Employee Training and Awareness
6.1. Security Awareness Training:
Provide comprehensive security awareness training to employees involved in the delivery of vulnerability scanning services.
Train employees on the proper handling of customer data, secure coding practices, and incident response procedures.
7. Policy Review and Updates
This Information Security Policy will be reviewed annually and updated as necessary to address changes in technology, business operations, and regulatory requirements. Employees will be notified of any updates to the policy and required to acknowledge their understanding and compliance.
8. Enforcement
Violations of this Information Security Policy may result in disciplinary action, up to and including termination of employment or contract, as well as legal action if warranted. Wiseep encourages employees to report any suspected policy violations or security concerns without fear of retaliation.
9. Policy Approval
This Information Security Policy has been approved by Wiseep's executive management and is effective immediately upon distribution to all relevant parties.