We follow a suite of formal IT policies and procedures encompassing:
- Physical security
- Logical access
- Computer operations
- Change control
- Data communications
All teams at PortX are mandated to abide by these protocols and deliver services with utmost safety. For transparency, our procedures are available on the company’s intranet for every team member to access.
Physical Security
Our data resides with Amazon Web Services (AWS). PortX team members do not have physical access to AWS data centers, ensuring an added layer of security. Learn more about AWS data center controls here.
Logical Access: Identification and Authentication
Personal User Accounts
Everyone accessing PortX’s IT resources, including employees and external partners, is assigned a unique identifier. This uniformity ensures accountability across platforms. Generic user IDs for regular use are strictly prohibited, and any activity under a user’s account is their sole responsibility.
Temporary Accounts & External Users
Occasionally, we establish temporary accounts for short-term contractors, guests, or auditors. We provision these accounts with rigorous role-based security and apply minimum access standards.
Generic and Service Accounts
These accounts are strictly controlled and primarily serve as emergency or system-interaction accounts. Only specific teams, like the IT staff and Incident Response team, can access privileged and emergency accounts. These accounts undergo strict logging and control measures.
Quarterly Access Reviews
Our Security Compliance Team carries out periodic access reviews, ensuring unused or inappropriate access is terminated promptly.
Computer Operations
Backups
PortX ensures daily backups of all databases. Our team reviews the backup policy yearly. While backups of employee endpoints aren’t maintained due to our reliance on cloud services, our engineering team routinely tests the backups for reliability.
Availability
We utilize dedicated Slack channels to address security incidents promptly. In addition, every team has an email alias, ensuring constant communication. High-importance incidents warrant a retrospective meeting and appropriate follow-ups.
Change Control
Our software undergoes rigorous change control processes. Developers work on localized code branches, making our system resilient to unintended changes. Any modifications undergo peer reviews and automated checks before merging into the master branch. This thorough approach ensures our software remains robust and trustworthy.
Data Communications
Firewall Systems
To filter unauthorized traffic, we utilize firewall systems and network address translation. Admin access to these firewalls is stringently limited to specific employees.
Redundancy
Our infrastructure is designed with redundancy to eliminate single points of failure, ensuring consistent uptime.
Penetration Tests
We engage third-party vendors for penetration testing, following standard methodologies to identify and address vulnerabilities. This is complemented by continuous vulnerability scanning using industry-standard tools.
Learn more about our commitment to security
Explore our comprehensive collection of legal documents. This includes our Privacy Policy, Master Services Agreement (MSA), Support and Maintenance Terms, Data Protection Policy, and other pertinent policies and agreements.
Explore PortX’s Documentation