Security at SROP

Self-destructible messages and secure drop areas for your clients are but a few of SROP's features that enable you to safely and securely send and receive sensitive information and documents.

01

Platform and Network Security

  • All services are tested automatically, with test coverage above 95%.

  • Automated controls to keep our platform dependencies and infrastructure updated.

  • Daily automated vulnerability scans on our public API and systems.

02

Encrypted During Transit and Storage

  • All of our data are stored encrypted.

  • Data encryption uses a minimum of a 256-bit key.

  • Each company has its own encryption key (no shared keys).

  • All encryption keys are stored on specialized hardware (AWS KMS).

  • All transfer of data is performed over HTTPS (TLS >= 1.2) with no less than a 2,048-bit key.

03

Storage of Secrets

  • All secrets are stored using AES256 symmetric encryption.

  • All secrets are stored in separate physical databases with stricter access controls.

  • Keys for encrypting and decrypting are stored on AWS KMS.

  • When a password is provided, it is mixed into the encryption key.

04

Data Retention & Disaster Recovery

  • Backups of secrets, “secret requests” and other sensitive objects have a 1-day retention period due to their sensitive nature.

  • Automated controls to keep our platform dependencies and infrastructure updated.

  • Customer and audit log data are destroyed 10 days after account deletion.

  • Disaster Recovery scenarios are exercised quarterly and runbooks are updated or created as needed.

Compliance & Governance

SROP is in the process of getting ISO27001 certified.

All the data centres SROP uses are readily compliant with ISO27001, SOC-1,2,3, PCI-DSS L1 and more.