fbpx

ZapERP Inventory 2020 & 2021 Data Policy

Date of Last Revision: May 1st, 2021

Application Security

In-Transit Encryption

Sessions between you and your ZapERP Inventory application are protected with an in-transit encryption
using 256-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS1.2 or 1.3.

Web Application and Network Firewalls

ZapERP Inventory monitors potential attacks with several tools, including a web application firewall and
network-level firewalling. In addition, ZapERP Inventory contains Distributed Denial of Service (DDoS)
prevention defenses to help protect your ZapERP Inventory.

Software Development Lifecycle (SDLC) Security

ZapERP Inventory implements static code analysis tools and human review processes in order to ensure
consistent quality in our software development practices.

Data Center Protections

Physical Security

ZapERP Inventory products are hosted with cloud infrastructure providers with SOC2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control and video surveillance

Network Isolation

ZapERP Inventory products are hosted in a private virtual cloud which allows us to isolate database and
software applications from other resources.

Communications between ZapERP Inventory services are protected by using Virtual Private Networks
and encrypted network protocols. Data is encrypted at rest to help protect against unauthorized access

Software Security

Patch Management

ZapERP Inventory’s patch management process identifies and addresses missing patches within the
product infrastructure. Server-level instrumentation ensures tracked software packages, use the appropriate versions.

Security Incident Response

ZapERP Inventory security incident process flow and investigation data sources are pre-defined during
recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audit, Vulnerability Assessment and Penetration Testing

Vulnerability Assessment

ZapERP Inventory tests for potential vulnerabilities on a recurring basis. We run static code analysis, and
infrastructure vulnerability scans

Penetration Testing

ZapERP Inventory leverages 3rd party penetration testing firms several times a year to test the ZapERP Inventory products and product infrastructure.

API Security

Security Tokens

All the API requests must be signed using an access key ID and a secret access key which is generated
using refresh token which gets expired in a certain amount of time.

Rate Limiting

The external API calls require generation of a developer account with ZapERP Inventory which generates the Application ID. All external API calls request a combination of application id, access key id and secret access key. The rate limit is strictly defined on all external API calls to prevent any security attacks.

Want quick support?

Have an awesome idea? For a FREE proposal and analysis of your needs, please send us your problematic questions.