Sessions between you and your ZapERP Inventory application are protected with in-transit encryption
using 256-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
ZapERP Inventory monitors potential attacks with several tools, including a web application firewall and
network-level firewalling. In addition, ZapERP Inventory contains Distributed Denial of Service (DDoS)
prevention defenses to help protect your ZapERP Inventory.
ZapERP Inventory implements static code analysis tools and human review processes in order to ensure
consistent quality in our software development practices.
ZapERP Inventory products are hosted with cloud infrastructure providers with SOC2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control and video surveillance.
ZapERP Inventory products are hosted in a private virtual cloud, which allows us to isolate database and
software applications from other resources.
Communications between ZapERP Inventory services are protected by using Virtual Private Networks
and encrypted network protocols. Data is encrypted at rest to help protect against unauthorized access.
ZapERP Inventory’s patch management process identifies and addresses missing patches within the
product infrastructure. Server-level instrumentation ensures that tracked software packages use the appropriate versions.
ZapERP Inventory’s security incident process flow and investigation data sources are pre-defined during
recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.
ZapERP Inventory tests for potential vulnerabilities on a recurring basis. We run static code analysis and
infrastructure vulnerability scans.
ZapERP Inventory engages third-party penetration testing firms several times a year to test the ZapERP Inventory products and product infrastructure.
All API requests must be signed using an access key ID and a secret access key, which is generated
using a refresh token that expires after a certain amount of time.
External API calls require creating a developer account with ZapERP Inventory, which generates the Application ID. All external API calls require a combination of Application ID, access key ID and secret access key. A rate limit is strictly defined on all external API calls to prevent security attacks.