Security and Privacy Policy

Philosophy

Our products are architected with security as the most important design objective. Our Security Policies follow established international standards. We are continually working to maintain the highest practical security measures in all areas.

Standard

Socrates, AI is compliant with the ISO 27001:2013 Information Security Management standard. We have adopted the entire Policy set and our internal procedures are aligned.

Testing

In addition to internal testing and audits, we partner with independent third-party security firms for dynamic application scanning, penetration testing, and static code analysis.

Patching

We consider it imperative that all our own code, open source software, servers, and infrastructure are continually maintained to current tested versions.

SSL/TLS communications

Socrates, AI uses the SSL/TLS (OpenSSL) communications protocol. It provides authentication and protection against eavesdropping, tampering and message forgery.

Network Access Controls

Network access to and from the DMZ is controlled by dedicated firewall and IPS devices. Access to servers requires use of a VPN with multi-factor authentication and extensive access monitoring.

Our Information Security team monitors internal and external security events 24×7 and implements corrective actions. Systems access is logged and tracked for auditing purposes.

Hosting facilities

Our servers are hosted in Amazon EC2 PCI DSS and ISO 27001 certified facilities. Multi-tenant and instance segregation infrastructure is backed up frequently.