The Development Process
There are three key areas of management in our software development process to ensure suitable coding practices are followed throughout, all processes are carried out effectively, the appropriate tests are conducted, and all changes are analyzed for impact prior to implementation.
After release, penetration tests are conducted both on endpoints and the system backend, including testing of source code and review of APIs to identify any security vulnerabilities. These tests are conducted annually, with a full report including the scope of the test available to customers in the Trust Center.
Vulnerability scans are conducted regularly using a series of known external scanners to test for security weaknesses in software systems. Results are generated by industry-standard providers Security Scorecard, Intruder, and Pentest-Tools, and others. Vulnerability scan reports are generated annually and are available to the public in the Admin By Request Trust Center.