Confidentiality & Security

Confidentiality & Security

At the Resiliency Program we ensure that your data is kept safe and secure. High standards of physical and technical security are essential to protect the confidentiality of personal data. These include:

Data Center Security


Resiliency Program partners with Digital Ocean to provide our data hosting infrastructure at its SOC 2 Type II and ISO 27001 compliant facilities. Data center facilities are powered by redundant power, each with UPS and backup generators.

On-site Security

The Digital Ocean center facilities feature a secured perimeter with multilevel security zones, 24/7 manned security, video surveillance, multifactor identification with biometric access control, physical locks, and security breach alarms.

Data Location

Resiliency Program currently leverages Digital Ocean Data centers in the United States and India.

Application Security


Control over our software development process is key to producing quality software. Security is a critical subset of that quality. That is why all development is done using the Resiliency Program Secure Software Development Lifecycle (S-SDLC) that has been designed and adopted to ensure the software Resiliency Program produces meets compliance requirements and is free of software security defects (to the greatest extent possible) that may expose sensitive data.

Vulnerability Testing

At appropriate stages in the life cycle, vulnerability scans are performed for identification of noncompliance or potential vulnerabilities. At higher-level milestones (the lesser of annually or with any major release), penetration tests are performed at the application level both internally and with a qualified third-party information security expert using both automated and manual testing techniques.

Change Management

Resiliency Program S-SDLC uses an Agile/Scrum process for managing system development activity and has implemented change management and version control software to ensure that all system development changes are sourced from authorized requesters, validated, and prioritized based on business, technical, and security impact. In addition, all changes deployed are tracked for revision control.

Quality Assurance

QA engineers review and test our application both manually and using automated scripts to identify any application and security vulnerabilities

Separate Environments

Dev, QA, UAT and Production environments are separated physically and logically from each other. No client data is ever used in the development, test and UAT environments.

Security Training

Our principle engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and Resiliency Program security controls.

Network Security


Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and 24/7/365 Security Operations Center that monitor and/or block malicious traffic and network attacks.


Our network security architecture consists of multiple security zones. DMZs are used between the internet, and internally between the different zones of trust.

Data Security

Logical Access

Access to the Resiliency Program databases is restricted by an explicit need-to-know basis, utilizes POLP, and is frequently audited. In addition, employees with such access privileges are required to use multiple factors authentication.

Encryption in Transit

Communications between users and the Resiliency Program is encrypted via industry best-practices HTTPS and Transport Layer Security (TLS 1.2 and above) over public networks.

Encryption at Rest

All user and client data stored with Resiliency Program is encrypted at rest using AES-256 bit algorithm with a block/chunk size of 128 bits.

User Security

Authentication Options

Users can sign into the Resiliency Program application using authenticated credentials. Users are also required to use Multi Factor Authentication for secured sign-in to the application. User provisioning and permissioning is managed by our clients.

Secure credential policy

Resiliency Program provides clients the option to define their password change frequency and repeat policy. Password length and password strength are defined based upon industry best practices. BCrypt algorithm is used to hash and salt passwords securely.

Access Privileges and Roles

Authorized Resiliency Program Users are provided with multi-level permissions based upon user and role credentials. The flexible role-based authorization process is governed by each client to ensure data is secure and only made available to those who require access to it.

Incident response & Disaster recovery

Security Incident Response

Our security team is on call 24/7/365 to respond to security alerts and events. In case of a system alert, employees are trained on security incident response processes, including communication channels and escalation paths.

Redundancy & Disaster Recovery

Resiliency Program has put in place network redundancies to eliminate single points of failure. Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster