System Security

Selector System Security

Selector is committed to keeping its solutions secure and compliant with applicable regulations and standards. We maintain SOC 2 Type 2 and ISO 27001 certifications, both assessed by independent third parties against stringent industry standards. We conduct annual penetration tests, using third-party experts to find and fix vulnerabilities. We use security tooling to scan our code, our infrastructure, and the third-party libraries we depend on for vulnerabilities, and to keep our code and systems secure.

Security at Selector is an ongoing process. We continuously monitor our systems and conduct regular audits to keep our Information Security Management System (ISMS) strong, giving clients confidence that their data is safe. We protect customers and secure our enterprise from malware attacks and threats in several ways:

  • Advanced threat detection and prevention for our S2AP SaaS platform, using the cloud service provider's native capabilities. Each customer gets a dedicated SaaS tenancy for effective isolation, we apply a zero-trust approach to limit access, and we run continuous automated scans of our code to catch accidental leaks of sensitive information (for example, hard-coded secrets) before they reach production.
  • Strong email filtering and quarantine capabilities use various techniques, including content-based, heuristic, and Bayesian filtering. We conduct real-time scans of incoming messages to quickly identify and isolate suspected spam and potentially harmful emails.
  • Effective endpoint detection and response (EDR) tools secure our on-premises and mobile devices using major security frameworks. We monitor files and applications in real time, instantly block and quarantine threats, and manage malware protection from a central portal.
  • A device compliance solution checks every laptop accessing our network to ensure that built-in protections such as XProtect and Gatekeeper on macOS and Microsoft Defender on Windows are active.

In addition to these security measures, Selector takes proactive steps to keep customers safe:

  • A continuous vulnerability management framework uses industry tools such as Dependency-Track and Snyk to generate a software bill of materials (SBOM) for our software and scan it for exploitable vulnerabilities.
  • Annual penetration tests of our code by independent experts find and fix potential vulnerabilities, helping Selector stay resilient against new threats.
  • Selector has well-defined plans for incident response and recovery (IRR). Our incident response team has clearly defined roles and conducts regular exercises, such as simulated phishing and ransomware scenarios, to give employees hands-on experience.
  • Our platform supports role-based access control (RBAC) to manage user privileges and groups. User groups can be configured to support the principle of least privilege, limiting access to parts of the platform.
  • Selector has implemented both traditional and application firewalls and VPN-only access to control access to our SaaS instances. Only allowed IP addresses and authenticated users can reach the hosted infrastructure. We use cloud-based security tools to monitor access to and from each instance and to watch user behavior for anomalies. In addition, local firewalling on the VMs ensures that only desired traffic is allowed between the Kubernetes services.
  • For on-premises managed services deployments, we work with customers to ensure that the correct external firewalling is configured and tested.
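The SBOM-based vulnerability check described above, as an added example that is not Selector's tooling: it parses a CycloneDX SBOM, matches each component's package URL (purl) against an advisory list using OSV-style half-open version ranges, and returns a release gate decision. Dependency-Track and Snyk do the same matching against live feeds such as NVD, OSV and GitHub Advisories; here the SBOM, the package names and the advisory IDs are all constructed so the script runs offline.

```python
"""Illustrative SBOM scan (added example): match CycloneDX components
against an advisory list.  The SBOM and advisories below are constructed;
every package name and advisory ID is hypothetical."""
import json

# Constructed CycloneDX 1.5 SBOM fragment; most components carry a purl.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "acme-parser", "version": "1.4.2",
         "purl": "pkg:pypi/acme-parser@1.4.2"},
        {"type": "library", "name": "widget-ui", "version": "3.2.0",
         "purl": "pkg:npm/widget-ui@3.2.0"},
        {"type": "library", "name": "legacy-lib", "version": "2.9.10",
         "purl": "pkg:maven/com.example/legacy-lib@2.9.10?type=jar"},
        {"type": "library", "name": "vendored-blob", "version": "0.1"},  # no purl
    ],
})

# Constructed advisories in OSV style: a component is affected when
# introduced <= version < fixed; fixed=None means no fix exists yet.
ADVISORIES = [
    {"id": "ADV-0001", "purl_base": "pkg:pypi/acme-parser",
     "introduced": "1.0.0", "fixed": "1.5.0", "severity": "HIGH"},
    {"id": "ADV-0002", "purl_base": "pkg:npm/widget-ui",
     "introduced": "3.0.0", "fixed": "3.2.0", "severity": "CRITICAL"},
    {"id": "ADV-0003", "purl_base": "pkg:maven/com.example/legacy-lib",
     "introduced": "0", "fixed": None, "severity": "CRITICAL"},
    {"id": "ADV-0004", "purl_base": "pkg:npm/widget-ui",
     "introduced": "3.1.0", "fixed": "3.3.0", "severity": "LOW"},
]

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def version_key(version, width=4):
    """Turn '1.4.2' into a fixed-width tuple so versions compare correctly
    even when one has fewer components (1.4 vs 1.4.0)."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    parts = parts[:width]
    return tuple(parts + [0] * (width - len(parts)))


def is_affected(version, introduced, fixed):
    """Half-open range check [introduced, fixed), as OSV ranges are defined."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)


def split_purl(purl):
    """Split 'pkg:type/ns/name@version?qualifiers#subpath' into (base, version).
    Qualifiers and subpath do not take part in advisory matching here."""
    core = purl.split("?", 1)[0].split("#", 1)[0]
    base, sep, version = core.rpartition("@")
    return (base, version) if sep else (core, "")


def scan_sbom(sbom_json, advisories):
    """Return (findings sorted most severe first, names of components that
    have no purl and therefore cannot be matched against any feed)."""
    sbom = json.loads(sbom_json)
    findings, unmatched = [], []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            unmatched.append(comp.get("name", "<unnamed>"))
            continue
        base, version = split_purl(purl)
        for adv in advisories:
            if adv["purl_base"] == base and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"purl": purl, "advisory": adv["id"],
                                 "severity": adv["severity"], "fixed": adv["fixed"]})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings, unmatched


def should_block(findings, threshold="HIGH"):
    """CI gate: block the release if any finding is at or above the threshold."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK[f["severity"]] <= limit for f in findings)


if __name__ == "__main__":
    found, skipped = scan_sbom(SAMPLE_SBOM, ADVISORIES)
    for f in found:
        fix = f["fixed"] or "no fix available"
        print(f'{f["severity"]:8} {f["advisory"]} {f["purl"]} (fixed in: {fix})')
    print("components without purl (cannot be matched):", skipped)
    print("block release:", should_block(found))
```

Two details matter in practice and are shown here: a component that is exactly at the fixed version (widget-ui 3.2.0 against ADV-0002) must not be flagged, and a component with no purl is reported rather than silently skipped, because an unmatched component is a gap in coverage, not a clean result.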

Selector’s commitment to security and compliance is paramount. We are highly invested in safeguarding the security and privacy of our customers by ensuring our solution meets or exceeds modern security, compliance, and regulatory standards. Key aspects of our security approach include:

  • Third-party audits, where we engage an independent auditor to conduct comprehensive annual assessments of our SaaS infrastructure environment, development processes, and testing infrastructure.
  • Comprehensive coverage through continuous monitoring of our enterprise and SaaS platform: secure coding practices and vulnerability management, periodic verification and internal audits of the effectiveness of our security controls, and proactive tabletop exercises to identify potential weaknesses.
  • Continuous improvement by identifying and addressing potential vulnerabilities, staying current with evolving security threats and compliance requirements, and enhancing our security measures so that customers get an effective security posture along with a good experience.
  • Engaging an independent third-party audit firm to perform our SOC 2 Type 2 audit (under the attestation standards of the American Institute of Certified Public Accountants, AICPA) and our ISO 27001 certification audit. This annual review and certification process rigorously evaluates our AIOps solutions. The scope of these audits includes infrastructure security, data security, network security, access control, our secure software development lifecycle, and our people management procedures.

Selector uses several vendors to assess vulnerabilities and, based on criticality and impact, applies and tracks software patches through an automated process that covers all our assets: the SaaS platform, the enterprise, and solutions deployed on our clients' premises.

For the SaaS platform, we use the native automated patch management service of the cloud service provider that hosts it to patch both Linux and Windows systems. The service provides centralized control and automation for keeping our cloud infrastructure up to date, covers the patching process from scanning to deployment, and generates periodic patch status reports that our team reviews to confirm compliance.

For on-premises enterprise assets and endpoint devices such as Apple Macintosh and Microsoft Windows laptops, we use vendor-provided tools to automate patching. Our EDR and device compliance monitoring solutions continuously verify that these automated patch processes are working, and the results are periodically reviewed by our security and site reliability teams. For Selector-managed SaaS solutions deployed on a client's premises, patches are scheduled and applied according to criticality and impact to keep those deployments secure and compliant. Combining these vendor-provided native solutions gives us one automated patch management strategy across our SaaS, our managed SaaS solutions, and our enterprise, keeping our systems secure and up to date.

Our security organization is led by tenured cyber security professionals with an assigned Chief Information Security Officer (CISO), ensuring our security policies stay up to date with the regulatory and compliance needs and our solutions adhere to those policies and industry best practices. For data privacy, we follow regulations like GDPR by using encryption, access controls, and regular audits to protect sensitive information and privacy of our customers. Our ISO 27001 certification ensures we manage risks related to personal data effectively.

For our SaaS solution, we take advantage of our cloud provider capabilities to perform various aspects of infrastructure resiliency features, including backup systems, redundancy, and global reach. We use real-time data replication and automated backups to protect customer data and keep services available even during disruptions. We also run annual drills to test our disaster recovery plans, ensuring our team is always ready.

For our on-premises solution, we guide our customers on best practices for backups, system redundancy, and disaster recovery tailored to their specific setup. Our BCP also emphasizes clear communication during any disruptions. We provide timely updates to keep customers informed about what’s happening and what we’re doing to restore service. Regular reviews of our BCP help us stay current with industry standards and ensure the ongoing reliability of our services.

To summarize, Selector treats information security as a continuous commitment. We take a proactive “shift-left” approach, integrating security into the early stages of product planning to prevent vulnerabilities before they arise. Our systems undergo regular checks and audits, ensuring that our Information Security Management System (ISMS) remains robust. With this dedication we strive to give our clients confidence that their data is secure and belongs only to them.

Access Management

The Selector platform supports role-based access control (RBAC) to manage user privileges and groups. User groups can be configured to support the principle of least privilege to limit access to parts of the platform.

Selector does not use developer usernames/passwords in production systems. We do not use backdoor accounts either.

Moreover, Selector does not maintain local operating system accounts on the VMs or servers that the platform runs on. The Selector platform itself typically has local accounts for administrative access; these are limited to the Selector application and grant no access to the underlying operating system, and a minimum password requirement is enforced for them.

Authentication and Single Sign-On (SSO)

Selector complies with common guidance for Authentication and Single Sign-On (SSO) use. During installation and configuration, the Selector team works with the customer’s security team to configure the appropriate integrations as desired.

Selector supports multiple identity providers, such as Okta, Azure AD (Microsoft Entra ID), Active Directory, Google, Ping ID, generic OIDC, and SAML 2.0. In addition, Selector can synchronize with LDAP instances.

Additional mechanisms such as RADIUS, TACACS, or SecurID can be added as a roadmap item if required.

Data Encryption

See the Selector Data Protection Policy document.

Network Security

Selector implements firewalls and VPN-only access to its SaaS instances. Only allowed IP addresses and authenticated users can reach the hosted infrastructure. Selector uses cloud-based security tools to monitor access to and from each instance and to watch the related user behavior for anomalies.

For on-premises deployments, Selector works with customers to ensure that the correct external firewalling is configured and tested. In addition, local VM firewalling ensures that only desired traffic is allowed between the Kubernetes services.
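The intent of "only desired traffic between the Kubernetes services" expressed as Kubernetes NetworkPolicy objects, as an added illustration that is not Selector's configuration: the page describes host-level firewalling on the VMs, and this shows the cluster-native way of stating the same allow-list. The namespace `selector-platform`, the `app: api` and `app: db` labels, and the database port 5432 are assumptions; the `kube-system` namespace label and the `k8s-app: kube-dns` label are the standard ones set on recent Kubernetes clusters.

```yaml
# 1. Default-deny: once any NetworkPolicy selects a pod, only explicitly
#    allowed traffic reaches or leaves it.  Selecting every pod with {}
#    makes the whole namespace deny-by-default in both directions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: selector-platform        # hypothetical namespace
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# 2. Denying egress also blocks name resolution, so re-allow DNS to the
#    cluster resolver for every pod; without this rule the allow-list
#    below never gets exercised because service names cannot resolve.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: selector-platform
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 3. Ingress side of the one desired path: only pods labelled app=api may
#    open TCP/5432 to pods labelled app=db.  Everything else stays denied.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-to-db
  namespace: selector-platform
spec:
  podSelector:
    matchLabels:
      app: db                         # hypothetical label
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: api                # hypothetical label
      ports:
        - protocol: TCP
          port: 5432
---
# 4. Egress side of the same path: the api pods are under default-deny
#    egress too, so they need a matching allow or the connection fails
#    on their side even though the db side permits it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-egress-to-db
  namespace: selector-platform
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Egress"]
  egress:
    - to:
        - podSelector:
            matchLabels:
              app: db
      ports:
        - protocol: TCP
          port: 5432
```

Two checks a practitioner would run before trusting this: confirm the cluster's CNI plugin actually enforces NetworkPolicy (the API accepts these objects on any cluster, but a CNI without policy support silently ignores them), and verify the deny from inside a pod that carries neither label, for example by attempting a connection to the database service and expecting a timeout rather than a refusal.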

Patch Management

Selector’s SaaS offering is delivered through continuous delivery. Regression test suites are run, together with testing on staging environments, before a release is promoted to production. Releases are then tested on customer staging environments before the customer production environment is upgraded.

Selector has a risk management program in place to make sure services are reliable, whether for the SaaS solution on Google Cloud Platform (GCP) or for the on-premises solution managed by the customer’s own team. This approach focuses on identifying and fixing potential issues before they can impact services.

Selector’s Director of Engineering (DevOps) plays a key role in this process. An automated scanner continuously checks the infrastructure for vulnerabilities. Drawing on years of experience, including work with some very large companies, the Director of Engineering has developed a proven method to classify and prioritize these vulnerabilities. Once a risk is identified, it is addressed according to that methodology so that it does not affect services.

Regarding Selector’s code, any vulnerabilities found during development are also dealt with promptly. The development team uses automated checks to catch and fix issues early on, which helps prevent problems from reaching customers.

Selector regularly reviews risk management practices, assessing potential threats and ensuring strategies are up to date with the latest security standards. The Director of Engineering works with other team members to ensure everyone is on the same page and always ready to tackle any risks.

Backup and Recovery

Selector’s SaaS solution on the Google Cloud Platform (GCP) takes advantage of Google Cloud’s strong infrastructure, including backup systems, redundancy, and global reach. Real-time data replication and automated backups protect customer data and keep services available even during disruptions. Selector also runs annual drills to test disaster recovery plans, ensuring the team is always ready.

For the on-premises solution, customers are guided on best practices for backups, system redundancy, and disaster recovery tailored to their specific setup.

Selector’s Business Continuity Plan (BCP) emphasizes clear communication during any disruptions. Timely updates keep customers informed about what’s happening and what is being done to restore service. Regular reviews of the BCP help stay current with industry standards and ensure the ongoing reliability of services.

Malware Protection

Selector is committed to keeping customer solutions secure and compliant with data standards. Selector holds SOC 2 Type 2 and ISO 27001 certifications, which means Selector security practices meet strict industry requirements. Yearly penetration tests are conducted on all in-house code, using third-party experts to find and fix any vulnerabilities. Selector’s Director of Engineering uses Snyk to catch and address security issues quickly.

Incident Response

Selector has a straightforward incident response plan to deal with any interruptions of services. Whether using the SaaS solution on Google Cloud (GCP) or the on-premises solution, Selector aims to minimize downtime, recover quickly, and keep everyone informed throughout the process.

As soon as an issue is detected, the Site Reliability Team (SRE) begins its response. They assess the situation, determine the impact, and coordinate to quickly and effectively remediate the issue.

Communication is a big part of the plan. Selector sends regular updates to everyone involved—customers, partners, and our internal teams—as soon as the issue is identified. These updates include details about what’s happening, what we’re doing to fix it, and how long it might take. We focus on being transparent and clear, so everyone knows what to expect. After everything is back to normal, Selector reviews what happened to learn any lessons and improve processes for the future. This helps preparation for any similar issues down the road.

For the SaaS solution on GCP, Selector relies on the cloud’s built-in resiliency features, such as backup systems and data redundancy, to keep things running smoothly. The technical team works closely with GCP support to resolve issues and restore service as fast as possible, and monitors in real time to catch any other potential risks. For the on-premises solution, where the customer’s team oversees the infrastructure, Selector’s support team steps in to guide and assist customer IT personnel, helping them to manage the situation effectively.

Compliance

Selector has contracted with an experienced Chief Information Security Officer (CISO) who ensures Selector security policies stay up to date with best practices. For data privacy, Selector follows regulations such as the European Union’s (EU’s) General Data Protection Regulation (GDPR) by using encryption, access controls, and regular audits to protect sensitive information. Selector’s ISO 27001 certification ensures that risks related to personal data are managed effectively.