Compliance and Security
In pursuit of ensuring the confidentiality, integrity, and availability of information, Freyr Digital has adopted a formal risk management framework and developed an IRMS (Integrated Regulatory Management System). This system is relevant to our cloud-native capabilities and is continuously improved. It is aligned to Freyr Digital's business objectives and ensures that our customers' contractual, statutory, regulatory, legal, and business continuity requirements are complied with.
Freyr Digital ensures that all our technology, product, and service workloads in the cloud follow the CSP’s (Cloud Service Provider) best practices, which include but are not limited to:
- Operations
- Access Control
- Monitoring
- Automation
- Continuous Improvement
- Risk & Vulnerability management
- Incident Response Procedure
- BCP (Business Continuity Plan)
- Security Awareness Training
The operational performance of Freyr Digital applications is enhanced with the efficient use of CSP native services. This is delivered by maintaining a cost-efficient environment, wherein Freyr Digital SaaS applications automatically scale up or down to meet changes in business demand and the required technology capabilities.
Freyr Digital has a good number of cloud certified resources. As a part of life cycle management, each individual is well versed in cloud technologies and delivers the CSP’s best practices while designing and implementing a technical solution. The Freyr Digital CTO (Chief Technology Officer) ensures all these technology capabilities and services are compliant with the industry best practices recommended by the CSP.
Freyr Digital Cloud Infrastructure Security
Freyr Digital leverages the secure infrastructure and hosting services of cloud service providers that are deemed leaders in the cloud computing services industry. By leveraging natively offered cloud services that are scalable, reliable, performance efficient and deliver operational excellence, Freyr Digital delivers security through the guardrails listed below, which include but are not limited to:
Understanding and fully leveraging the shared responsibility model as applicable within the cloud computing context, wherein the security of the cloud is the CSP’s responsibility and security within the cloud is the customer’s (Freyr Digital) responsibility. Freyr Digital offers technology products and services to our customers in a SaaS model, wherein the customers of Freyr Digital are responsible for their data and the users that have access. This capability is delivered to our customers by providing SSO service across all our products. All applications offered by Freyr Digital can be integrated with the customer’s SSO (Single Sign-On).
Partnering with cloud service providers to ensure their architectural best practices are followed and applied within our cloud architecture, engineering, and day-to-day operations.
Identity and access management best practices that ensure all authentication and authorization events follow guardrails that include but are not limited to:
- Applicable Multifactor Authentication Schemes.
- Principle of Least Privileges That Are Programmatically Applied and Followed.
- Granular Access Controls Based on Pre-Defined Rules and Assigned Roles.
- SSO Capabilities Offered to Our Customers.
- Just-in-Time Access Principles.
- Real-Time Monitoring and Alerting Capabilities.
Encryption of data at rest and in transit.
Absence of any applicable end-of-life hardware and software.
Backup and a robust disaster recovery mechanism that ensures data and service availability in the event of any unforeseen catastrophic event. BCP is tested at pre-defined intervals, and a standard RTO (Recovery Time Objective) and RPO (Recovery Point Objective) are defined.
Well-defined procedure to identify, respond to, and remediate an IT/security incident.
Pre-defined timelines based on the severity to manage and remediate security vulnerabilities.
Regular periodic cadence calls with our CSP resources (e.g. dedicated Technical Account Manager (TAM)).
Runtime security controls – EDR (Endpoint Detection & Response) within our cloud workloads, which provides telemetry on any anomalous behaviours.