Swif encrypts and protects sensitive information across the transformation and analysis process.
.png){kind=spacer}
TLS encryption for all data exchanged. Additional security is available for dedicated VPN connections between the customer and Swif.
AES 256-bit encryption
.png)
Intrusion detection systems and alerts to monitor for real-time threats, including the use of Google Cloud.
Swif’s platform provides full control of access to all hosted information
Swif partners with Auth0 to provide 2FA and SSO for account login and sign-ups
Required strength factors (minimum characters, required numbers, and special characters, common passwords rejected), salted and hashed password storage, and password resets
Role-based access, visibility, and user access rights. Regular access review and analysis
.png)
Detailed tracking and audit logging of all activities related to the application environment and administrative activity
Security processes have been fully integrated into the Swif software development processes. Developers receive training that focuses on OWASP-specific guidelines. In addition, processes are set up to allow for separation of duties and segmentation of platforms with dev, staging, and production.
Swif leverages Google Cloud (GCP). We utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration. Swif can make available all standards, GCP certifications, and accreditations along with physical security controls.
Swif security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant change.
All employees go through required training upon hire and must recertify on an annual basis. Policies include
Access Control
Business Continuity
Access Control
Cryptographic Controls
Data Management
Human Resources Security
Information Security
Operations Security
Physical Security
Risk Management
Third-Party Risk Management
On-going security activities, including:
Network intrusion detection
Code vulnerability scanning
Penetration testing
System, network, application log analysis, reporting, and retention
in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.
that identifies and evaluates security risks of vendors and third parties.
Swif is committed to establishing and maintaining compliance with key information security and regulatory standards, including:
Swif and third-party certification and verification reports are available for limited distribution and shared under non-disclosure agreements.
.png)
Use Swif for free if you have up to 5 employees. Get a custom quote based on your company's size.
.png)
.png)
.png)
.png)
.png)
