LogoLogo
  • Introduction
  • Organizational security
  • Ubidots Architecture
  • Confidentiality
    • Formatting and Data Accumulation
    • Encryption in Transit
    • Encryption at Rest
    • All of Our Hired Personnel Must Sign an NDA
    • We Only Hire Directly
  • Transparency
    • Periodic Checks
    • Status Page
    • Support Channel
    • Open Source
    • Continuous Hacking to our Own Technology
    • Data Leakage Policy
  • Integrity
    • Isolated Websites
    • Code Management
    • Continuous Scanning for Vulnerabilities
  • Resilience
    • Incident Management and Resolution
    • Data Backup
    • Recovery Objective
  • Non-repudiation
    • Extensive Logs
    • Everything as Code
  • Authentication
    • For Clients
    • Internal
  • Privacy
    • Data Management and Retention Policy
  • Compliance
    • FDA 21 CFR Part 11
      • Validation
      • Audit Trails
      • Electronic Signatures
      • System Access Controls
      • Record Retention
      • Record Protection
Powered by GitBook
On this page
  • Overview
  • Security Governance
  • Continuous Improvement
  • Conclusion

Was this helpful?

Export as PDF

Organizational security

Overview

At Ubidots, we understand that effective security starts from within. Our organizational security practices are designed to ensure that every member of our team understands their role in maintaining the integrity and confidentiality of the data we handle. This section outlines our internal management of security, detailing the roles and responsibilities that underscore our commitment to security at every level of our organization.

Security Governance

Leadership Commitment

  • Executive Oversight: As company leaders and co-founders, our Chief Executive Officer (CEO) and our Chief Technology Officer (CTO) understand the strategic value of placing security at the center of our product, and are actively involved in overseeing its integration across all aspects of our operations. Moreover, the increased demand for Enterprise licenses has reinforced the fact that security considerations need to be prioritized at the highest levels of the company.

Security Roles

As a small but agile team, we do not have dedicated security staff. Instead, security responsibilities are integrated into our development and operational processes.

  • Scrum Master: Works across all teams to ensure that security practices are integrated into all aspects of our technology and business operations.

  • DevOps Team: Monitor our systems for security incidents, manage response strategies, and update defense mechanisms in response to new threats.

  • CTO: Maintains technical controls, manages access rights, and ensures the operational health of our security infrastructure.

Employee Involvement

  • All Employees: Receive regular security advise focused on recognizing and mitigating security threats. Each employee is responsible for adhering to our security policies, ensuring that security practices are followed within their daily roles.

Continuous Improvement

  • Feedback Loops: We employ regular feedback mechanisms between the security roles and other teams to ensure that our security practices are continuously updated and improved.

  • Security Audits: Internal and external security audits are conducted regularly to assess and enhance our security measures. These audits help identify vulnerabilities and ensure compliance with industry standards.

Conclusion

At Ubidots, organizational security is a collective responsibility. We believe that maintaining a strong security posture requires the involvement of every employee, supported by a security-trained engineering team. By defining clear roles and responsibilities and providing ongoing training and awareness, we ensure that our security measures are robust and effective.

PreviousIntroductionNextUbidots Architecture

Last updated 1 year ago

Was this helpful?