Our 100% security guarantee for our customers and solutions
We are big on data privacy for our customers, any information we collect will be stored and processed within countries that comply with GDPR. All data transfer between the user’s browser and the user’s site happens securely via HTTPS.
We are secure by Vanta, Vanta helps with our continued compliance monitoring. We employ end to end vulnerability checks during our coding and development process. Every product undergoes an internal compliance process to ensure 100% security.
Move Work Forward is a platinum marketplace partner and we uphold Atlassian's security guidelines throughout our product development and operations process.
We have an AWS security specialist on the team, we also employ the lastest and best practises for infrastructure access. All our are tools are multiple factor authenticated and only access by team members on a need to know basis.
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.
This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.
We use TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.
Encryption keys are managed via AWS Key Management System (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Vanta. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs.
Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.
We take our customers security seriously and take all the steps to delivered secure solutions even from the beginning of the development process.
Team members pull stories from the backlog as capacity allows. Typically their first step is to write tests to assert the behaviour we expect. From there they will write code to make tests pass, and then refactor as needed.
When a team member is ready for code review they add two of their colleagues to a pull request. Their colleagues review the code for consistency, sanity, and against the acceptance criteria of the user story.
During the code review process we begin user acceptance testing of the functionality in the host product. At this point we're trying to ensure that what we deliver makes sense from a customers perspective. This often turns up UI/UX improvements for the story which are then subsequently included in the pull request.
Once the pull request has been approved the development branch is merged into our master branch where we do final user acceptance testing before merging to release branch and releasing the packages.