Security Documentation

Data Protection

End-to-End Encryption

All data in transit is protected using TLS 1.3 with AES-256-GCM and ephemeral session keys. At rest, data is encrypted with industry-standard algorithms across all storage systems.


# Sample encryption verification:
openssl s_client -connect api.engotss.eu:443 -showcerts

Key Features

Auto-rotating encryption keys every 90 days
HSM-backed key storage
Compliance with FIPS 140-2
ISO 27001 certified infrastructure

Access Controls

Granular access management using attribute-based access control (ABAC) and role-based access control (RBAC) models. All administrative actions are auditable.

Authentication

Multi-Factor Authentication (MFA) required for all users
OAuth 2.0 and SAML 2.0 supported
Password complexity enforcement

Auditing

Comprehensive activity logging
Real-time anomaly detection
Exportable audit trails

Compliance Frameworks

GDPR Compliant

Full compliance with EU General Data Protection Regulation

ISO 27001

Information Security Management System

SOC 2 Type II

Comprehensive security controls framework

Security Best Practices

Secret Management

✓ Use of Hardware Security Modules (HSMs) for key storage
✓ Regular security audit trails
✓ Token rotation every 15 days

Incident Response

✓ 24/7 security monitoring
✓ Automated threat detection
✓ SOC 2 incident escalation procedures

Security Tools

Threat Scanner

Continuous scanning for vulnerabilities across all services

Vulnerability DB

Real-time updates from NIST and OSV

Security Posture

Automated security scorecards and remediation

Reporting Security Issues

If you discover a security vulnerability, please contact our Security Team using our responsible disclosure process:

security@engotss.eu

Responsible Disclosure

Report through the official security email
Include technical details and reproduction steps
No monetary rewards for vulnerability reports
Typical response time: 1 business day