Tassel Turner employs strong encryption methods and key management procedures at all levels of the platform, ensuring that data remains encrypted in transit, in use, and at rest.
Tassel Turner is fully hosted with Amazon Web Services to gain the compound benefits of limiting security concerns to a centralized vendor. These include the ability to manage configurations through uniform policies, granular IAM controls for least privilege access, end-to-end inspection of configuration and system activity, and observable data flows through managed services.
We also benefit from the physical security of a trusted cloud vendor, where Tassel Turner personnel neither have nor require physical access to data centers, servers, network equipment, or storage. Amazon’s data center operations have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).
We follow a secure software development lifecycle to ensure security considerations are accounted for from the earliest design stages through development and into live operations.
This entails implementing security requirements and performing security reviews of new features and new libraries added to the application stack. We use a variety of static analysis tools to scan both proprietary code and third-party libraries for vulnerabilities and risks like unvalidated input and SQL injection.
Our automated test suite meets C1 and C2 levels of code coverage to prevent regressions and highlight any gaps in test scenarios. We also sustain a secure runtime environment through dynamic analysis tools and a controlled release process.
Security is a moving target that requires continual updates to infrastructure and systems to take advantage of new security capabilities and address common vulnerabilities and exposures (CVEs).
Tassel Turner is designed to resolve risks and threats without customer impact or involvement. Platform services are built as part of a continuous delivery pipeline that makes it easy to apply the latest libraries and patches, and upgrade production servers and software. To ensure reliable updates, we rely on an extensive suite of tests and checks that occur as part of the build process, along with the ability to roll back in the event of regression issues.
We maintain security incident management procedures, and act without undue delay to notify impacted parties of any data breach or security compromise. Following an incident, we will provide a transparent post-incident writeup including a root cause analysis and countermeasures taken to rectify the issue.
We impose a variety of organizational controls to secure our staff and operations.
We welcome and indemnify any responsible disclosures from Tassel Turner users or industry security researchers, and are committed to acting on your feedback to make our platform safer.
If you believe you have discovered a vulnerability, please don’t hesitate to contact us at info@bellwethersystems.com and provide as many details as possible to assist our team to confirm and investigate your report. Once you submit a report, we promise to do the following.