attachmentAV API (SaaS): Security
Close attack vectors and increase application security by adding virus and malware protection powered by attachmentAV API (SaaS).
ISO 27001 and GDPR compliance (#)
First of all, we are ISO 27001 certified and GDPR complaint.
Here is an exceprt, of our security controls.
- Transmission Confidentiality: We have set up processes to utilize standard encryption methods, including HTTPS with the TLS algorithm, to keep transmitted data confidential.
- Encrypting Data At Rest We have set up cryptographic mechanisms to encrypt all production databases and storage systems that store customer data at rest.
- Centralized Collection of Security Event Logs: Our infrastructure is configured to generate audit events for actions of interest related to security for all critical systems.
- Vulnerability Remediation Process: We identifiy vulnerabilities on the Company platform through the execution of regular vulnerability scans.
For more details about our security policies and controls as well as the certificates, please visit our trust center.
Jurisdiction/Region (#)
attachmentAV API (SaaS) processes data in the jurisdiction/region: EU (European Union).
Are you required to ensure data processing in another region of the world? Let us know!
Protecting data in transit (#)
attachmentAV encrypts data in transit as illustrated in the following figure.
- Client sends file to attachmentAV API: HTTPS/TLS
- Backend downloads file (optional): HTTPS/TLS
- Backend sends scan result callaback URL (optional): HTTP/TLS
Protecting data at rest (#)
To be able to scan files for viruses, trojans and other kinds of malware, attachmentAV temporarily persists data.
- attachmentAV recieves or downloads the file.
- attachmentAV temporarily stores the file on an encrypted volume.
- attachmentAV calls the Sophos engine to scan the file.
- attachmentAV deletes the file.
- attachmenAV returns the scan result.
We use encrypted volumes to ensure confidentiality of the temporary data.