Security is at the forefront of our innovation
We've always held ourselves to the highest industry standards, especially when it comes to security. The Swapcard team worked hard to achieve SOC 2 Type 2 attestation in 2022 and ISO 27001 certification in 2023. You can request a copy of the audit report by writing to security@swapcard[.]com.
You can verify the validity of our ISO certificate by entering our certificate number 246369 via this link: https://www.british-assessment.co.uk/verify-certification/
*Swapcard complies with GDPR as a EU-based company
Learn more about security at Swapcard
Security Policies
At Swapcard we strive to define and follow rules according to security best practices. As a result, we have policies covering the following topics:
General Information Security Policy
User Access Charter/Acceptable Use Policy
Password Policy
Business Continuity Plan (BCP)
Disaster Recovery Plan (DRP)
Data Backup and Recovery Policy
Security Incident Management Policy (and processes)
Cryptography Policy
Secure Development Life Cycle (SDLC) Policy
Logical Access Control Policy
Change Management Process
Risk Management Process
Security Controls
We run multiple technical security controls across our platform, including:
Annual penetration test covering our web platform and our mobile applications (iOS and Android). See our latest certificate here
Quarterly vulnerability scans - external and internal
Bug Bounty Program (private program on yesWeHack)
Code security analysis tool (Static Application Security Testing)
Network Security
At Swapcard, we take network security seriously. This is why we have state-of the-art multilayer protections:
Firewalls
Web Application Firewall (WAF)
Anti-DDOS (AWS Shield Advanced)
Intrusion Detection System (IDS)
Swapcard back-office accessible only through VPN with MFA by need-to-know staff
Data Protection
The security of your data is our highest priority. We only use tried and tested official public cryptographic algorithms to protect your data:
Encryption at rest - AES-256
Encryption in transit - TLS v1.2
We also implement strict access control of data through the use of nominative accounts and MFA security.
Operational Security
We run regular patch management operations on all our servers and laptops
Swapcard platform logs are sent to a central SIEM and analyzed by a 24/7/365 SOC team for correlation and alerting
BCP/DRP/Resilience/High availability/High capacity
Our architecture is built from the ground up to be highly available by utilizing multiple Availability Zones in AWS. We use load-balancers and autoscaling to automatically manage load changes on the platform
We optimize delivery performance around the world with Fastly and Cloudfront as CDN
We have a fully functional Disaster Recovery environment with backups in another AWS region (eu-west-3)
We have a BCP and a DRP that we test annually to ensure we are prepared for potential disaster events
Physical Security
All our data and servers are in AWS data centers, and their security is described here: https://aws.amazon.com/compliance/data-center/controls/
We optimize delivery performance around the world with Fastly and Cloudfront as CDN
We have a fully functional Disaster Recovery environment with backups in another AWS region (eu-west-3)
We have a BCP and a DRP that we test annually to ensure we are prepared for potential disaster events
Compliance
GDPR
We have declared our DPO to the French CNIL.
You can find our Privacy Policy here: https://www.swapcard.com/privacy-policy
You can find our standard DPA with our list of sub-processors here.
All Swapcard platform data is hosted in:
AWS Ireland datacenter (main data hosting and data processing)
Mailgun also in EU (for emails only)
SOC 2
We have renewed our SOC 2 Type 2 attestation at the end of 2022 (valid for 2023).
You can request a copy of the latest audit report to security@swapcard[.]com.
ISO 27001
We are ISO 27001 certified from July 2023. You can verify the validity of our ISO certificate by entering our certificate number 246369 via this link: https://www.british-assessment.co.uk/verify-certification/
Still have questions? Contact us at security@swapcard[.]com