Security & Data Protection
EllanikaOSSO is committed to protecting user data through robust security protocols, including encryption, access control, and regular audits.
# Data Security Measures
- End-to-end encryption for all data transmissions
- REST API secured with OAuth 2.0 and JWT token validation
- Database encryption at rest using AES-256-GCM
- Penetration testing conducted quarterly by third-party auditors
- Real-time DDoS mitigation through cloud-based protection services
# Access Controls
Effective April 2025
- Multi-factor authentication (MFA) required for admin interfaces
- Role-based access control (RBAC) with least-privilege principle
- Session expiration after 30 minutes of inactivity
- Brute-force prevention via rate limiting and CAPTCHA integration
# Incident Response
Last updated August 2025
- Breach notification within 72 hours in accordance with GDPR Article 33
- 24/7 cybersecurity monitoring via Prometheus/Grafana stack
- Incident classification system for data access breaches
- Automated alerting to SOC team via SNS
- Post-incident root cause analysis within 5 business days
# User Responsibilities
- Maintain strong, unique passwords
- Enable 2FA for all account types
- Report suspicious activity immediately
- Do not share account credentials publicly
- Regularly review account activity logs
# Compliance Framework
EllanikaOSSO adheres to the following standards:
- ISO/IEC 27001
- SOC 2 Type II
- GDPR
- NIST Cybersecurity Framework
# Security Audits
Internal audits
- Quarterly infrastructure reviews
- Monthly codebase inspections
Third-party audits
- Biannual independent penetration testing
- Yearly compliance verification
Have Security Concerns?
Email our security team directly at security@ellanikaosso.org for any breach reports or security questions.