Security Compliance

Secure Software Development is Our Top Priority

In software development, we pay great attention to security. 

When building software solutions for the healthcare industry we comply with all modern cybersecurity standards such as HIPAA, GDPR, SOC2. We perform security checks of all the developed systems using security assessment tools and vulnerability analysis systems.

All the discovered vulnerabilities are eliminated using the Open Web Application Security Project Risk Assessment Methodology (OWASP.org).

 

Softarex’s approach to secure software development:

  1. In software development we use secure coding practices.
  2. The source code is developed in accordance with the Automated Source Code CISQ Security Measure and ISO/IEC 25000 standards.
  3. We perform weekly source code reviews using the most advanced tools available. Code verification using other tools when committed to the server via a git hook are performed. For targeted source code security checks we use the OWASP methodology.
  4. The production environment is always completely separated from the non-production one.
  5. We follow the change management process described in Quality Management System ISO 9001:2015. It consists of the following stages:
  • Identification of the need for change.
  • Defining the purpose of potential changes and potential consequences.
  • Accounting for risks when making changes in the sense of possible harm to other aspects of the QMS if some changes are implemented.
  • Assignment of resources.
  • Implementation of the change plan.
  • Checking the effectiveness of the implemented changes.
  • Implementation in software functionality required by HIPAA and GDPR
  • Software development process based on SOC2 standard
  • Security and vulnerability testing
  • Developing source code with consideration of SOC2 requirements

Our Expertise in Technology Domains

Case Study