Our Cyber Security Assurance

At Assai, we strive for security and compliance to align with excellence in engineering tailored for the energy sector. We recognise that the energy sector operates in a high-stakes environment, where any disruption can lead to serious consequences.

Ensuring the security and integrity of your full life cycle engineering projects and operations is our top priority. That’s why we’ve established a dedicated Cyber Security Team committed to protecting your projects from potential disruptions. Whether it’s defending against cyber threats, preventing system failures, or ensuring compliance, we’re dedicated to safeguarding your projects every step of the way. 

Unparalleled Security Measures

SOC2 Certified

We adhere to the highest standards of security, ensuring the confidentiality, integrity, and availability of your data. 

Pen Testing

Our commitment to security goes beyond certifications. We undergo rigorous penetration testing annually to identify and mitigate potential vulnerabilities proactively. 

Transparent Reporting

Rest assured, a summary of our pen testing reports are readily available upon request, demonstrating our commitment to transparency and accountability. 

Meeting Regulatory Requirements with Ease

Managing compliance requirements in the energy sector can be complex. Here’s how we simplify the process for you: 

  • Discovery Recovery (DR) Testing: We conduct regular disaster recovery testing to ensure your projects remain resilient and operational even in the face of unforeseen events. 
  • Data Management: Trust us to manage your data securely throughout its lifecycle, from collection and storage to processing and disposal. 
  • Continuous Monitoring: Our robust security monitoring systems keep a vigilant eye on your projects, detecting and responding to threats in real-time. 

Strengthening Security with Cloudflare

We’re proud to partner with Cloudflare, a global leader in web security and performance. Together, we provide an additional layer of protection for your projects, leveraging Cloudfare’s advanced technology, including: 

  • DDoS Protection: Safeguard your projects from malicious attacks with Cloudflare’s advanced DDoS mitigation solutions. 
  • Web Application Firewall (WAF): Protect your applications from common threats and vulnerabilities with Cloudflare’s powerful firewall. 

Secure Software Development

At Assai, security is a top priority. This starts right from the software development process, where we implement security by design. This means we integrate security throughout all phases of the Software Development Lifecycle (SDLC). 

We achieve this by using the Microsoft SDLC methodology, which provides a structured approach to developing secure software.

The 6 Phases of Microsoft SDLC Methodology

Planning

In this phase, we define the security objectives for the software. 

Design

We design the software with security in mind, considering potential threats and vulnerabilities. This includes conducting threat modeling to proactively identify and mitigate security risks. 

Implementation

We implement the software according to the security requirements established in the design phase. 

Testing

We thoroughly test the software for security vulnerabilities, utilizing both SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools, alongside threat modeling techniques.
SAST: Analyzes the source code to identify potential vulnerabilities early in the development process.
DAST: Tests the running application to discover vulnerabilities that might be exploitable during operation.

Deployment

The software is released into production.

Maintenance

We continuously monitor the software for security vulnerabilities and weaknesses. 

Learn more

By following the Microsoft SDLC methodology and incorporating threat modelling, SAST, and DAST testing, we can develop software that meets the highest security standards. 

More information about the Microsoft SDLC methodology can be found here.

Utilize Assai to transform your document management needs in a secure way. 

Learn more

Enhanced Security with Two-Factor Authentication (2FA)

In our dedication to protecting your valuable documents and data, we have implemented Two-Factor Authentication (2FA) as part of our comprehensive security measures. This extra layer of security is pivotal, particularly in environments with diverse job roles and a large user ecosystem. Alongside role-based access, 2FA significantly fortifies the security of your Assai environment by ensuring that only authorized individuals have access to the appropriate resources.

Streamlined Secure Login

At the core of our platform’s design is the assurance of seamless and secure access, made possible through the implementation of Single Sign-On (SSO) technology and the Security Assertion Markup Language (SAML) protocol.

With our SAML integration option, users can effortlessly access our platform using their existing credentials from third-party user repositories, simplifying the authentication process while maintaining stringent security measures. Once authenticated, users seamlessly log in to the Assai system with their SAML user ID, creating a unified and intuitive user experience shared between Assai and the Identity Provider (IdP).

Assai as a Member in Leading Organizations