KLOUDWERK has embedded a security policy which protects company information and assets against the threats they face. Our security policy is built on the NCSC’s 10 Steps to Cyber Security to ensure a risk-based, holistic approach is continually used. We typically use the same approach for clients who use our silver and gold packages.
Our policy is founded on the following areas as defined by the 10 steps:
Risk management
– for us, risk management means building a company which is naturally resilient by focusing on a balanced approach to people, process and technology, whilst also identifying and managing select risks.
Engagement and training
– we continually train our employees using relevant and engaging security content, rather than bland annual assessments.
Asset management
– we know what physical and digital assets we have so we can best protect them.
Identity and access management
– people are core to our business. We ensure they have the necessary access to do their jobs, but equally we ensure adequate cyber security is applied.
Architecture and configuration
– this is a key process for us as it helps us model threats and build clean, secure systems which are naturally resilient to cyber risks.
Data security
– data security is all about how we protect the data we hold throughout its life cycle, including keeping it to a minimum, backing it up, appropriately managing access and data disposal.
Supply chain security
– like all businesses, we are increasingly relying on suppliers to support and enable our objectives. We keep track of our suppliers in a register and carry out security due diligence on those we share data with or who support us strategically.
Vulnerability management
– vulnerability management is another key process for ensuring natural resilience is baked in. We automatically apply patches where possible and scan our environments to identify, prioritise and manage vulnerabilities.
Logging and monitoring
– a crucial part of a holistic cyber security posture, as it allows us to detect and respond to cyber events which were not prevented.
Incident management
– incidents are inevitable, so we take proactive steps to help reduce the likelihood and impact of incidents.
We carry out penetration tests on an annual basis, or when major changes are made to our infrastructure or services. Feel free to contact us for an executive summary of our most recent report.
Responsible Reporting of Vulnerabilities
Please contact [email protected] to report a KLOUDWERK-related vulnerability or security incident.