Security is at the core of everything Devicie does
Our information security program embraces defence in depth. We invest in people and technologies and seek third party expertise and validation.
Devicie protects customers and partners through robust operational security requirements and processes, assessing and managing cyber security threats and risks against best practices and frameworks such as the AICPA SOC2, and GDPR EU and UK.
Information Security
Our security and compliance program is built around the security triad: confidentiality, integrity and availability.
Devicie follows the Trust Services Principles of the AICPA SOC2 for security, availability, and confidentiality. Devicie also maintains a privacy program to adhere to the requirements of the GDPR EU and UK Privacy regulations and follows Privacy Principles from other key acts including the Australian Privacy Act 1988 (Cth.) and Californian Consumer Privacy Act (CCPA).
Devicie’s program incorporates areas including:
Leadership engagement and support of security frameworks and initiatives
Execution, maintenance and regular auditing of its security and compliance framework
Supplier and vendor assurance and management to ensure the supply chain meets the same high security standards
Information and cyber security policies, procedures and processes around its technologies and people
Compliance
Devicie maintains an AICPA SOC2 control program, audited annually to demonstrate our stance on security as a services organisation.
Our SOC2 Type II report is available on request to partners and customers under NDA.
Privacy
Devicie regards Privacy to be a key tenet of our way of working, not simply a policy.
Details of our privacy obligations and processes are detailed in our Privacy Policy.
Vulnerability disclosure program
Devicie maintains a responsible disclosure and safe harbour regime. Please see https://devicie.com/.well-known/security.txt for further details or contact us at [email protected].