Trust at Tastewise

At Tastewise, we’re committed to ensuring the trust and safety of our clients and their data. We employ industry best practices to keep your data safe and secure, giving you the confidence you need to use Tastewise’s platform and services.


Governance & Compliance

Tastewise is ISO 27001:2013 and ISO 27017:2015 compliant and operates procedures in line with the EU General Data Protection Regulation (GDPR).

Risk management

We take a proactive approach to information security by conducting regular risk assessments to identify potential threats and vulnerabilities to our information assets. Our assessments consider both the likelihood and potential impact to our business. Based on the results, we select appropriate controls to mitigate the identified risks. To ensure that our risk assessments are up-to-date and relevant, we regularly review them and make updates as needed, especially in response to system changes. Senior leadership is involved in the risk landscape review, which takes place at least once a year.

Information security policies

We conduct annual reviews of our information security policies, or whenever significant changes occur, to ensure they meet the latest industry standards and are approved by senior leadership. These policies are shared throughout the organization and, where relevant, made available to other interested parties.

Internal audit

We conduct regular internal audit programs to ensure the ongoing effectiveness of our information security measures. Findings are reported to senior leadership so that we can address them promptly and identify areas for improvement.

Infrastructure

Amazon Web Services (AWS)

We use the world’s largest public cloud provider to ensure the security and reliability of our platforms and our customers’ data.

High availability

Our platform uses multiple replicated instances to ensure uninterrupted services for our users and is backed by the AWS uptime Service Level Agreement (SLA).

Security

We take the security and privacy of our users’ information very seriously. To ensure the safety of your data, we don’t store any personal information on our servers. Our infrastructure can only be accessed by authorized Tastewise employees.

Monitoring and logging

To ensure the security of our AWS infrastructure, we use the AWS services CloudWatch and CloudTrail. These tools enable us to detect and monitor potential threats and maintain a comprehensive audit trail.

Remediation

We’re committed to promptly addressing vulnerabilities in our systems. To this end, we have set internal goals to remedy critical-severity vulnerabilities within 48 hours and high-severity vulnerabilities within 14 days, in line with industry best practices.

Incident response

Our information security team, led by Tastewise’s Chief Information Security Officer (CISO), is made up of seasoned experts in incident response and malware analysis. Our team collaborates closely with our 24/7 Security Operations Center to swiftly and efficiently address any security incidents that may arise.

Application Security

Encryption

Our platforms use the encrypted HTTPS protocol exclusively, with automatic redirection of any HTTP requests to HTTPS. Additionally, personal data is encrypted in AWS S3 buckets, using advanced cryptographic algorithms such as AES-256.

Data retention

We take every precaution to ensure that personal data is safe and secure on our platform and we don’t store personal information on our servers.

Secure Software Development Lifecycle (SSDLC)

At Tastewise, our Research and Development (R&D) team is dedicated to providing our clients with the best, most secure platform. To achieve this, we adhere to documented SSDLC procedures throughout the development process. Our security specialists provide input during platform development, and we follow industry best practices such as the OWASP Top 10. All code undergoes review before being merged into the main branch. We recognize the importance of staying up-to-date with the latest developments in information security, which is why our R&D team receives ongoing training.

Penetration testing

We take our commitment to secure development and information security seriously. To support this, we engage an independent, external team of cybersecurity experts with extensive experience to perform penetration tests on our platforms at least once a year. These experts use the latest tools and techniques to simulate real-world attacks, ensuring that our platforms remain secure and protected against evolving threats.

Corporate Security

Single Sign-On (SSO)

To streamline authentication across our SaaS tools, we utilize a leading SSO platform. Our IT and security teams benefit from simplified user provisioning and deprovisioning. Companies can log in to the Tastewise platform with SSO using their own personal login on their internal systems.

Endpoint security

We prioritize the security of our corporate-managed devices by encrypting all confidential information and enrolling them in a device management platform for centralized monitoring and management. The platform includes features for applying system updates, as well as remote disabling or wiping in the event of a lost or compromised device.

Antivirus and anti-malware

We require all Tastewise employee equipment to have antivirus and anti-malware installed. Our ESET solution is backed by a team of cybersecurity experts working 24/7 to prevent threats and attacks.

Email security

Our email suite’s security is fortified by integrating advanced malware and phishing protection.

Vendor risk management

We take vendor security seriously and have implemented stringent security requirements based on the risks posed to our company and clients. To streamline the process, we’ve partnered with a top-tier third-party security management platform to automate vendor management.

Human Resources

Security awareness training

Protecting our company and clients starts with ensuring we’re all prepared to assist in keeping our environment safe. This involves putting best practices and policies in place that promote security and training employees to be able to identify and avoid risks. Every employee is required to complete information security awareness training as part of their onboarding process, as well as annual GDPR training.

Onboarding

Every new Tastewise employee is required to participate in onboarding. We ensure that all of our employees are familiar with our information security policies and adhere to them. To guarantee that all employees stay informed of any policy updates, we utilize a centralized platform to manage policy updates and attestation. By doing so, we can be confident that everyone is working with the latest version of our policies.

Haven’t found the answer you’re looking for? [Reach out](mailto:info@tastewise.io) to get more information.