Security Details

At PaperScorer, security isn't just a priority—it's our commitment. We understand that in today's digital landscape, safeguarding sensitive information isn't just a box to check; it's a continuous journey of vigilance and adaptation. From implementing robust encryption protocols to fostering a culture of awareness and responsibility among our team, we spare no effort in ensuring the integrity and confidentiality of our data and that of our clients. Our dedication to security isn't just about meeting compliance standards; it's about earning trust and peace of mind, knowing that every measure has been taken to fortify our digital fortress against emerging threats.

Below are some of the highlights of our security practices here at PaperScorer.

Institutional Securty

Information Security Program
PaperScorer follows SOC 2 compliance and it's a cornerstone of our commitment to excellence and trustworthiness. We adhere rigorously to the SOC 2 framework, ensuring that our systems, processes, and controls meet the highest standards for security, availability, processing integrity, confidentiality, and privacy. Our policy prioritizes transparency and accountability, providing assurance to our clients that their data is handled with the utmost care and integrity. Through regular audits, assessments, and continuous improvement initiatives, we maintain our SOC 2 compliance as a testament to our unwavering dedication to safeguarding the interests of our clients and stakeholders.
Third Party Audits
We believe in reinforcing our commitment to security through third-party audits. By subjecting our systems, processes, and controls to independent scrutiny, we ensure the highest level of trust and confidence in our security measures. These audits provide an objective assessment of our security posture, validating our adherence to industry best practices and regulatory standards. We view third-party audits not just as a compliance exercise, but as an opportunity to enhance our security posture by leveraging the expertise and insights of external auditors. Through these audits, we demonstrate our unwavering dedication to protecting the confidentiality, integrity, and availability of our data and that of our clients, fostering trust and peace of mind in an increasingly interconnected world.
Roles and Responsibilities
In our organization, ensuring robust application security is a collective effort that involves clear delineation of roles and responsibilities. Our development team holds the primary responsibility for integrating security best practices throughout the software development lifecycle, from design to deployment. They are tasked with implementing secure coding practices, conducting thorough code reviews, and integrating security testing tools into their workflows. The security team collaborates closely with developers to provide guidance, conduct risk assessments, and ensure compliance with security policies and standards.

Additionally, our operations team is responsible for maintaining a secure environment for hosting and deploying applications, including timely patching, configuring robust access controls, and monitoring for suspicious activities. Lastly, every member of our organization plays a role in promoting a culture of security awareness and accountability, where all employees are empowered to identify and report security vulnerabilities or incidents promptly. By fostering collaboration and shared responsibility across teams, we ensure that application security remains a top priority at every stage of our development and deployment processes.
Security Awareness Training
We recognize that a strong security posture begins with knowledgeable and vigilant employees. That's why we have implemented a comprehensive security awareness training policy aimed at equipping our workforce with the knowledge and skills necessary to identify and mitigate security risks effectively. Through regular training sessions, workshops, and educational materials, we ensure that all employees understand the latest cybersecurity threats, best practices for safeguarding sensitive information, and their roles and responsibilities in maintaining a secure environment. Our training covers a range of topics, including phishing awareness, password hygiene, data handling procedures, and incident response protocols. Furthermore, we promote a culture of continuous learning and improvement, encouraging employees to stay informed about emerging threats and actively participate in security initiatives. By investing in the education and awareness of our workforce, we empower our employees to become the first line of defense against cyber threats, safeguarding our organization's assets and reputation.
Our security practices ensure the protection of sensitive information at every level. We recognize the paramount importance of safeguarding proprietary data, client information, and internal strategies from unauthorized access or disclosure. Through robust encryption methods, stringent access controls, and rigorous data handling procedures, we establish a fortified barrier against potential breaches. Our commitment to confidentiality extends beyond technological measures to encompass comprehensive policies, regular audits, and continuous employee training. Every team member is entrusted with the responsibility of upholding confidentiality standards, fostering a culture of discretion and accountability throughout the organization. By prioritizing confidentiality in our security framework, we not only safeguard the integrity of our company but also honor the trust placed in us by clients and stakeholders alike.
Background Checks
We make sure that every individual we welcome into our organization aligns with our commitment to trust and integrity. Through comprehensive screenings, including criminal background checks, employment verification, and reference checks, we strive to mitigate potential risks and safeguard the safety and security of our workplace. By thoroughly vetting candidates before they join our team, we uphold the confidence and peace of mind of our clients and stakeholders, knowing that our workforce comprises individuals who demonstrate honesty, reliability, and ethical conduct. Our dedication to conducting thorough background checks underscores our unwavering commitment to maintaining a secure environment for both our employees and the sensitive information we handle.

Infrastructure Security

Cloud Infrastructure Security
With the migration of critical operations to the cloud, we prioritize robust security measures to mitigate potential risks and vulnerabilities. Through stringent access controls, encryption protocols, and regular security audits, we establish a fortified barrier against unauthorized access, data breaches, and other cyber threats. We partner with trusted cloud service providers who adhere to industry-leading security standards and certifications, ensuring the integrity and confidentiality of our information assets. Additionally, our proactive monitoring and incident response protocols enable us to swiftly identify and address security incidents, maintaining the resilience and availability of our cloud-based systems. PaperScorer is hosting at Linode(Akamai) and AWS.
Read the Linode(Akamai) security documentation.
Read the AWS security documentation.
Data Hosting Security
Confidentiality, integrity, and availability of our critical information assets is a top priority for PaperScorer. We prioritize robust security measures to protect our data hosted in both on-premises and cloud environments. Through stringent access controls, encryption techniques, and multi-layered authentication mechanisms, we establish a fortified barrier against unauthorized access and cyber threats. Our data centers adhere to industry-leading security standards, undergo regular audits, and employ physical security measures to safeguard against physical breaches. Additionally, we implement comprehensive data backup and disaster recovery procedures to ensure business continuity in the event of unforeseen incidents.
Database Encryption
Our policy mandates that all sensitive data, including personally identifiable information (PII) and financial records, be encrypted to mitigate the risk of unauthorized access or data breaches. Additionally, access to encrypted data is tightly controlled through role-based access controls and authentication mechanisms, ensuring that only authorized personnel can decrypt and access sensitive information.
Transmitting Data
We recognize TLS and SSL as industry-standard encryption protocols that provide robust security measures to protect sensitive information during transmission. This policy applies to all internal and external communication channels, including email, web browsing, file transfers, and other data exchanges. By adhering to this policy, we ensure that data transmitted over networks remains confidential and secure, mitigating the risk of interception or unauthorized access. Furthermore, our policy encompasses regular monitoring and updates to TLS and SSL configurations to address emerging security vulnerabilities and maintain compliance with the latest industry standards.
Vulnerability Scanning
We mandate regular vulnerability scans across all systems, networks, and applications to assess for known vulnerabilities and emerging threats. These scans are conducted using industry-standard tools and methodologies, and the results are meticulously analyzed to prioritize remediation efforts based on risk severity. Our policy dictates that identified vulnerabilities must be promptly addressed through patching, configuration changes, or other remedial actions to mitigate the risk of exploitation. Additionally, we enforce periodic vulnerability assessments to ensure continuous monitoring of our security posture and compliance with industry regulations and best practices.
Logging and Monitoring
We require comprehensive logging of all system and network activities, including access attempts, configuration changes, and security events. These logs are stored securely and regularly reviewed to detect and investigate any suspicious or unauthorized activities. Additionally, we employ advanced monitoring tools and techniques to continuously monitor our systems and networks for anomalies and potential security incidents. Our policy dictates real-time alerts for any unusual activities, enabling swift response and remediation to mitigate potential risks. Furthermore, we conduct regular audits and assessments of our logging and monitoring practices to ensure compliance with industry standards and regulatory requirements.

Want to see our product in action?

Book a meeting with our team today to explore your institution's objectives and discover how PaperScorer can assist in reaching them.

Book a Demo