Security Policy

1. Our Commitment

At Arekan Software, security is at the core of everything we do. We are committed to maintaining the highest standards of information security to protect our clients, their data, and our systems.

2. Infrastructure Security

Our infrastructure is protected by multiple layers of security controls:

• Encrypted data transmission using TLS 1.3
• Regular vulnerability assessments and penetration testing
• Network segmentation and firewall protection
• Continuous monitoring and intrusion detection systems
• Automated security patching and updates

3. Data Protection

We implement comprehensive data protection measures:

• Encryption at rest and in transit for all sensitive data
• Strict access controls based on the principle of least privilege
• Regular data backups with encrypted storage
• Secure data disposal procedures

4. Development Practices

Our software development follows security best practices:

• Secure coding standards aligned with OWASP guidelines
• Code reviews with security-focused analysis
• Automated security testing in CI/CD pipelines
• Dependency vulnerability scanning

5. Incident Response

We maintain a formal incident response plan that includes identification, containment, eradication, recovery, and lessons learned. In the event of a security incident affecting your data, we will notify you promptly in accordance with applicable regulations.

6. Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please contact us at [email protected]. We commit to acknowledging reports within 48 hours and working to resolve confirmed vulnerabilities promptly.

7. Compliance

Our security practices are aligned with internationally recognised standards and frameworks including ISO 27001, OWASP Top 10, and relevant data protection regulations.