Security is at the core of everything Devicie does
Our information security program embraces defence in depth. We invest in people and technologies and seek third party expertise and validation.
Devicie protects customers and partners through robust operational security requirements and processes, assessing and managing cyber security threats and risks against best practices and frameworks such as the AICPA SOC 2, SOC 3, and GDPR EU and UK.
Information Security
Our security and compliance program is built around the security triad: confidentiality, integrity and availability.
Devicie follows the Trust Services Principles of the AICPA SOC 2 and SOC 3 for security, availability, and confidentiality. Devicie also maintains a privacy program to adhere to the requirements of the GDPR EU and UK Privacy regulations and follows Privacy Principles from other key acts including the Australian Privacy Act 1988 (Cth.) and Californian Consumer Privacy Act (CCPA).
Devicie’s program incorporates areas including:
Leadership engagement and support of security frameworks and initiatives
Execution, maintenance and regular auditing of its security and compliance framework
Supplier and vendor assurance and management to ensure the supply chain meets the same high security standards
Information and cyber security policies, procedures and processes around its technologies and people
Compliance
Devicie maintains AICPA SOC 2 and SOC 3 control programs, audited annually to demonstrate our stance on security as a services organisation.
Our SOC 2 Type 2 report is available on request to partners and customers under NDA. The SOC 3 report is also available on request.
Privacy
Devicie regards Privacy to be a key tenet of our way of working, not simply a policy.
Our privacy obligations and processes are detailed in our Privacy Policy.
Vulnerability disclosure program
Devicie maintains a responsible disclosure and safe harbour regime. Please see https://devicie.com/.well-known/security.txt for further details or contact us at [email protected].