EPISCS Security
Data Encryption
Bidirectional encryption of communications between EPISCS and external endpoints, including web services and client devices are executed over HTTPS protocol using TLS 1.2. This validates authentication and protects against man-in-the-middle attacks, eavesdropping or tampering with the information related to your EPISCS account.
SSL certification is provided by Comodo using 256-bit encryption with support for 99.9% of browsers and devices.
Penetration Testing
Application penetration testing security audits have been performed by third-party service provider Synopsys to demonstrate vulnerabilities and guidance on addressing vulnerabilities to improve application security.
Credit Card Storage and Processing
All credit card numbers are encrypted and stored within Stripe using AES-256 encryption. Stripe is certified to PCI Service Provider Level 1, the highest level of certification available. All information managed by Stripe is protected within the Stripe privacy and security policies and adheres to federal regulations.
Infrastructure Security
All EPISCS services are managed within Amazon Web Services (AWS). Cloud security at AWS is the highest priority. The standards and certifications listed below support the global infrastructure of Amazon’s cloud.
ISO 27001
ISO 27001 is the defacto international security standard that specifies security management best practices and compliance.
SAS 70 Type II Audit Completion
Independent auditors certified AWS resources with certification of operational performance and security in safeguarding customer data.
Monitoring and Logging
Internet traffic and resource utilization are analyzed using third-party software Amazon Inspector to identify potential application security issues. These resources are integrated into the DevOps processes at EPISCS to ensure that security standards and best practices are included with all application features and improvements.
Identity and Access Control
User identities and related access permissions are managed within defined user roles. Invocation and revocation of access permissions is automated and specific to the role granted to each user. User identities are validated using an access policy related to the defined role of a user. The Identify Access Management Service provided by AWS is used to manage identity and access controls.
Things you can do
Password
Use a strong password when creating an account
Notification
Provide notification if we notice suspicious activity on your account.
Security audits
Inquire about performing security audits on EPISCS’s best in class shipment auditing platform.