Security

The integrity of the Portfolio XpressWay platform and the security of your data is our top priority. It’s why we’ve implemented a comprehensive security strategy to protect your information from any potential threats. Below, are several of the key security practices we follow to ensure you enjoy a safe and secure business experience with us:

Data Encryption

One of the many measures we take to ensure the security of your data is by encrypting it both at rest as well as in motion. Encrypting your data renders it wholly unreadable to unauthorized parties.

For data at rest, we employ full-disk encryption to secure the entire Operating Systems and all data stored on physical media or in Databases. This means even if a malicious actor managed to somehow get physical possession of these drives or databases, they couldn’t read any of the information on these media.

For data in motion we use the industry standard Secure Sockets Layer and Transport Layer Security protocols. So when you interact with our servers your communication is protected against eaves dropping, tampering, or any other form of manipulation by an adversary.

In addition to encryption we maintain a robust password management system where your passwords and other sensitive information you might want stored for safekeeping, can be vigilantly protected. Access to this service is strictly controlled allowing only authorized personnel to manage and retrieve encryption keys, passwords, and the like. This ensures compliance with the strictest security standards. Everyone has access to their own dedicated and secure space within our Key Vault, to ensure isolated and enhanced security for your encryption tools.

Access Control

Role-Based Access Control (RBAC): We implement role-based access control to ensure that each customer only has access to the data and functionalities necessary for their role. This minimizes the risk of unauthorized access to someone else’s sensitive information.

Multi-Factor Authentication (MFA): We offer an enhanced multi-factor security option requiring users of our platform to authenticate with two factors, for example, a password (something they know) and a code send to their mobile phone (something they have).

Secure Development Practices

At Portfolio XpressWay, we understand the need to proactively perform extensive program code reviews and testing to ensure the highest level of application integrity.

For this reason, our team performs an ongoing multi-layered approach to security analysis, including but not limited to:

  • Static Application Security Testing (SAST): SAST highlights security issues identified in application source code.
  • Software Composition Analysis (SCA): SCA identifies security considerations and license compliance issues in software components and dependencies used in our applications.
  • Dynamic Application Security Testing (DAST): DAST detects the presence of any common web application vulnerabilities by simulating attacks on our applications in user acceptance testing and production environments.
  • Container Security Scanning: ensures the security of our containerized applications by scanning container images for vulnerabilities before deployment. This includes assessing the container’s base image, libraries, and dependencies for known security risks, helping to maintain the integrity and security of our deployment environments.

Regular Updates and Patching

Portfolio XpressWay regularly updates our software and dependencies to ensure that we are protected against the latest vulnerabilities, and we apply security patches as soon as they are released to ensure that we always maintain your top-tier safety.

Automated Backups: We perform real-time, automated backups of your data to ensure that we can quickly recover in the event of any unforeseen data loss incident, e.g. a natural disaster, etc., to ensure that you have access to your information and can continue doing your work.

Secure File Sharing

Portfolio XpressWay takes a privacy-first approach with your data. It’s why we use a Canada resident file-sharing integration with our platform. This also allows you to manage your own encryption keys with a wide variety of secure storage options should that be of interest to you.

Monitoring and Incident Response

Our 24/7 Expert Security Operations Centre Staff leverages seasoned security staff subject matter expertise in conjunction with top-of-the-line tech such as automation to provide us with constant monitoring and alerting on any suspicious activities both on premises and in the cloud. Additionally, we have a powerful automation platform for real-time incident response should the security event data we collect prove actionable.

User Security Awareness Training: Portfolio XpressWay takes its obligation to share pertinent security information with you and our staff very seriously. For this reason, it is our pleasure to share with you a wide variety of security best practices, such as how to protect yourself from sophisticated phishing email attacks, as well as other important cyber safety information.

Employee Protection

Among the many ways we actively work to ensure your protection is to keep an eye on the state of our staff’s computers.

For an email to make it to our staff’s inbox it must pass through multiple layers of inspection. We look at who sent the email; what its contents are; what the attachments are like, if any; etc. At each stage we run rigorous security checks to ensure staff are safeguarded from any malicious messages.

While our staff work on their computer, locally, our security software is running in the background keeping a watchful eye on any irregular activity.  If anything, suspicious presents itself, we investigate and respond to it immediately, ensuring your continued protection.

Addressing your Inquiries and Concerns

It is our honor and pleasure to discuss anything in this Security Policy document with you at your convenience. Should you have any questions or concerns, please feel free to reach out directly to our Chief Information Security Officer at: info@portfolioxpressway.com