Welcome to the Security Policy of Edoubleone ('Edoubleone,' 'we,' 'us,' or 'our'). As a global software solutions company headquartered in Maryland, USA, with a diverse team of experts across the world, we understand that security is a non-negotiable component of modern digital infrastructure.
This Security Policy outlines our unwavering commitment to protecting the confidentiality, integrity, and availability of our information systems, our clients' proprietary data, and the digital products we build. We approach every project with the precision and excellence necessary to ensure a lasting, secure impact.
The primary objective of this policy is to establish a robust security framework that mitigates risks and builds trust. This policy is aligned with our core values:
Innovation: Utilizing future-ready security technologies and practices.
Collaboration: Working closely with clients to ensure their specific security needs are met.
Excellence: Delivering high-quality solutions focused on precision and secure impact.
Edoubleone adheres to relevant legal, regulatory, and contractual obligations. As a Maryland-headquartered entity, we are guided by:
The Maryland Personal Information Protection Act (MPIPA) regarding the protection of personal data.
Relevant federal standards for data handling and breach notification.
Contractual security requirements specified by our global clients.
We maintain an internal security governance structure to oversee the implementation, enforcement, and continuous improvement of our security practices.
We implement layered technical controls to safeguard our environment and your data:
We utilize corporate-grade firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) to manage and monitor network traffic.
All corporate endpoints (laptops, servers) are protected with advanced anti-malware and endpoint detection and response (EDR) solutions.
Data transmission between users, the website, and our backend systems is encrypted using robust Transport Layer Security (TLS/SSL) protocols.
Principle of Least Privilege: Access to sensitive data and systems is granted only to personnel who require it for their specific role, minimizing unnecessary access.
Authentication: We enforce complex password requirements. Multi-Factor Authentication (MFA) is mandatory for accessing all critical systems and client environments.
Access Reviews: We conduct regular reviews of user access rights to ensure they remain appropriate.
Sensitive client data, source code, and intellectual property are encrypted when stored (encryption at rest) using industry-standard algorithms.
We utilize secure file transfer protocols (SFTP) for the exchange of data with clients.
Our core competency is building scalable, well-optimized software solutions that grow with your business. To ensure these products are future-ready, security is integrated from the 'start small' phase through the 'scale up' phase.
Security by Design: Security requirements are established during the initial design and architecture phase.
Secure Coding Standards: Our global developers follow recognized secure coding standards (e.g., OWASP Top 10) to mitigate common vulnerabilities.
Vulnerability Testing: We perform automated static and dynamic analysis (SAST/DAST) on code before deployment. Regular manual penetration testing is conducted on critical applications.
6.1. Patch Management
We maintain a rigorous patch management process to ensure all software, operating systems, and application dependencies are promptly updated with the latest security fixes.
We collect and retain detailed logs from servers, applications, and security devices. These logs are centrally monitored to detect anomalous behavior and potential security incidents.
All Edoubleone employees and contractors must undergo background checks (where legally permissible) and sign comprehensive Non-Disclosure Agreements (NDAs).
Edoubleone maintains a dedicated Security Incident Response Plan (SIRP). In the event of a confirmed security breach that affects client data, we will:
Execute immediate containment and mitigation steps.
Notify affected clients as soon as reasonably possible, adhering to all legal requirements for breach notification (e.g., under MPIPA).
Coordinate with legal and forensic experts to investigate the root cause.
While Edoubleone takes immense responsibility for securing our infrastructure and the solutions we deliver, clients hold certain responsibilities in a shared security model:
User Credentials: Clients are responsible for the security of credentials they create within the applications we build (e.g., user passwords).
Operational Security: Clients must manage the security of their own internal networks and devices used to access the software.
If you have any questions about our security practices, or if you need to report a potential security vulnerability, please contact us:
Address: 7404 Executive Place, Lanham, MD 20706, USA