SecureDawn Security Portal
SecureDawn is a product that enables teams to more efficiently convey their security posture to users of their products by automating the completion of security questionnaires and providing a framework to communicate with customers.
SecureDawn was built by a team of security professionals with decades of experience providing security and software development services to startups, Fortune 100 organizations, the United States federal government, and the Department of Defense.
Vendor Management Review
Subcontractors do not have access to customer data, with the exception of AWS, whose security processes are outlined in the AWS SOC 2 report.
Approved Risk Management Program
SecureDawn periodically evaluates its compliance with security standards by conducting security risk assessments.
SecureDawn conducts a documented assessment of security controls at least annually. The assessment is conducted to determine the extent to which controls are implemented correctly, operating as intended, and producing the desired outcome. Technical and non-technical evaluations are also conducted periodically to identify any new risks or to determine the effectiveness of the Security Policies and Procedures.
Data Encrypted at Rest
SecureDawn configures all systems housing customer data to encrypt data at rest. Data is encrypted using the AES-256 encryption algorithm with encryption keys managed by a key management solution.
Customer Data Removal
Customer data is removed from SecureDawn systems within 30 days of account deletion.
Single Sign On
SecureDawn currently supports GSuite authentication integration.
Our team is currently investigating implementing SAML.
Service Level Agreement
A service level agreement is available to enterprise tier customers. Contact support@securedawn.com for more information.
Data Encrypted in Transit
All data transmitted and received by the SecureDawn platform is encrypted in transit using TLS 1.2.
Anti-Malware Policy
External Vulnerability Scanning
Internal Vulnerability Scanning
Vulnerability Management Process
Discovered vulnerabilities are patched according to their criticality, on the schedule below:
- Critical - within 24 hours
- High - within 24 hours
- Medium - within 7 days
Penetration Testing
Penetration testing is performed annually by the SecureDawn red team.
Protected Health Information (PHI)
SecureDawn does not collect Protected Health Information.
Personally Identifiable Information (PII)
Our product collects the minimal set of information needed to set up user accounts that use the SecureDawn suite of products, as well as for potential customers that request information about your security program. We will never sell or share your information.
For user accounts, and for customers requesting information about your security posture, we collect the following information:
- First and last name
- Email address
Children's Online Privacy Protection Rule (COPPA)
Intrusion Detection
The SecureDawn team utilizes an industry leading intrusion detection, prevention, and EDR solution on all endpoint devices.
Intrusion Prevention
The SecureDawn team utilizes an industry leading intrusion detection, prevention, and EDR solution on all endpoint devices.
Network Device Hardening
SecureDawn uses restrictive AWS Security Groups and private subnets, both internally and externally, to ensure systems cannot communicate with unintended systems.
Mobile Device Management Solution
Customer data is not stored on mobile devices.
Log Review and Alerting
End user devices run a best-in-class endpoint protection solution which reports threats and policy violations to a cloud dashboard managed by the endpoint solution vendor. Issues generate email alerts which are sent to the SecureDawn security team to be classified and prioritized.
Internal Compliance Department
Recovery Point Objective
SecureDawn's recovery point objective is 24 hours.
Business Continuity Plan
SecureDawn has a documented policy for business continuity and disaster recovery that has been approved by management.
Recovery Time Objective
SecureDawn's recovery time objective is 24 hours.
Formal Incident Response Plan
SecureDawn has a formal Incident Response Process that can be viewed upon request.
Secure Web Traffic
All web traffic in and out of SecureDawn is encrypted using HTTPS (TLS 1.2).
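The two statements above (Data Encrypted in Transit, Secure Web Traffic) both assert a TLS 1.2 floor. The following script is an added example, not SecureDawn's own tooling, showing how a customer or auditor can verify that claim from the outside: it builds a client context that refuses anything below TLS 1.2, connects to a hostname (the hostname and port are caller-supplied assumptions), and reports the negotiated protocol and cipher. The ranking table and helper names are this example's own, not part of the page.

```python
"""Probe a TLS endpoint and check the negotiated protocol against a stated
minimum (TLS 1.2 here, matching the posture described above)."""
import socket
import ssl

# Floor we expect the service to enforce; mirrors the page's stated posture.
MINIMUM_VERSION = ssl.TLSVersion.TLSv1_2

# Ordering for the protocol names returned by ssl.SSLSocket.version(),
# so negotiated versions can be compared against the floor.
_VERSION_RANK = {
    "SSLv3": 0,
    "TLSv1": 1,
    "TLSv1.1": 2,
    "TLSv1.2": 3,
    "TLSv1.3": 4,
}


def hardened_client_context() -> ssl.SSLContext:
    """Client context that validates the chain and hostname and refuses
    anything older than TLS 1.2 during the handshake."""
    ctx = ssl.create_default_context()  # system CAs, CERT_REQUIRED, hostname checks on
    ctx.minimum_version = MINIMUM_VERSION
    return ctx


def meets_minimum(negotiated: str, minimum: str = "TLSv1.2") -> bool:
    """True if the negotiated protocol name is at or above the minimum."""
    if negotiated not in _VERSION_RANK or minimum not in _VERSION_RANK:
        raise ValueError(f"unknown protocol name: {negotiated!r}")
    return _VERSION_RANK[negotiated] >= _VERSION_RANK[minimum]


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Complete a handshake with the hardened context and report what was
    negotiated. Raises ssl.SSLError if the server cannot satisfy the floor
    or presents an invalid certificate, and OSError on connection failure."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version = tls.version()
            cipher_name = tls.cipher()[0]
    return {
        "host": host,
        "version": version,
        "cipher": cipher_name,
        "compliant": meets_minimum(version),
    }


if __name__ == "__main__":
    import sys

    # Hypothetical target; replace with the hostname being assessed.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(probe(target))
```

A successful handshake here only proves the server supports TLS 1.2 or better; confirming that TLS 1.0 and 1.1 are actually refused needs a separate handshake attempt capped at those versions, which recent OpenSSL builds may decline to initiate from the client side, so that part of the check is best done with a dedicated scanner and recorded alongside this result.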
Patching Schedule
Production Change Control
Changes can only be applied to our production environment by select senior members of our engineering team and must be reviewed prior to deployment.
Software Development Lifecycle
Code changes undergo internal code review for completeness and security. All team members undergo security training provided by a senior security member of the SecureDawn team.
Staff Scoped Data Access
SecureDawn staff are not routinely granted access to customer data. If a customer requests that a SecureDawn employee have access to their account information, a written access request is required.
Employee access to customer accounts is reviewed quarterly by the internal compliance department.
Internally Shared User Accounts
The SecureDawn team does not share user accounts.
Physical Security Controls
Background Screening
All SecureDawn employees and contractors are required to have a federal and local background check prior to accessing customer data.
Off-boarding Process
When off-boarding an employee, the SecureDawn management team follows an employee dismissal checklist stored in our Human Resources system.
Disciplinary Process
Disciplinary infractions are reviewed by executive management, which decides how the organization should respond as dictated by internal policies.
Employee Agreements
All employees and contractors must agree to an Employee Agreement and a Mutual Non-Disclosure Agreement prior to working with SecureDawn Inc.
Designated Security Point of Contact
Policy Review Cadence
The SecureDawn information security policy is reviewed at least annually, or whenever major changes occur.
Information Security Policy
The SecureDawn information security policy is owned by the Chief Information Security Officer and approved by the Chief Executive Officer.

SOC 2
planned