1. Application & Input Controls

| Control Domain | Implementation Policy | Rationale / Mitigation |
|---|---|---|
| Input & Output Validation | We validate all application inputs to ensure they match expected formats and sanitize all outputs used to render HTML documents. We strictly use parameterised interfaces for database queries. | Mitigates injection attacks, data manipulation, and Cross-Site Scripting (XSS). |
| Malware Scanning | All uploaded documents and files are actively scanned for malware by our Document Processing engine before any further processing occurs. | Prevents system exploits and protects downstream users from infections. |
| Header Security | We implement minimally permissive Content Security Policy (CSP) response headers. We enforce HTTP Strict Transport Security (HSTS) headers with a maximum age of at least 1 year (31536000 seconds). | Mitigates cross-site scripting (XSS) and protocol downgrade attacks. |
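
The three rows above describe controls that are easy to state and easy to get subtly wrong in code. The block below is an added reference implementation, not code from the policy document or its authors: it rejects input that does not match an anchored pattern instead of "cleaning" it, passes user data to SQLite only as a bound parameter, escapes before interpolating into HTML, and checks a response header map against the CSP and HSTS requirements (max-age of at least 31536000 seconds). The `users` table, its columns, the allowed input formats and the sample headers are constructed for this example and are assumptions, not values from the policy.

```python
"""Added example (not from the policy document): minimal reference
implementation of the Application & Input Controls, standard library only.
Table name, columns, input formats and sample headers are assumptions."""
import html
import re
import sqlite3
from typing import Dict, List, Optional

# Input validation: each field has an explicit, anchored pattern. Anything
# that does not match is rejected outright rather than "sanitised" into shape.
FIELD_PATTERNS = {
    "username": re.compile(r"^[a-z0-9_]{3,32}$"),
    "email": re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}$"),
}


def validate_field(name: str, value: str) -> str:
    """Return the value unchanged if it matches the expected format, else raise."""
    if not FIELD_PATTERNS[name].fullmatch(value):
        raise ValueError(f"{name} does not match the expected format")
    return value


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample rows (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice <Admin>"), ("bob", "Bob")],
    )
    return conn


def lookup_display_name(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """Parameterised query: the user value travels as a bound parameter,
    never as part of the SQL text, so quoting tricks cannot alter the query."""
    validate_field("username", username)
    row = conn.execute(
        "SELECT display_name FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def render_greeting(display_name: str) -> str:
    """Output sanitisation: escape at the point of HTML rendering."""
    return f"<p>Hello, {html.escape(display_name)}</p>"


MIN_HSTS_MAX_AGE = 31536000  # one year, the policy's stated minimum


def hsts_max_age(header_value: str) -> Optional[int]:
    """Extract the max-age directive from a Strict-Transport-Security value."""
    m = re.search(r"max-age=(\d+)", header_value)
    return int(m.group(1)) if m else None


def check_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return policy findings for a response header map (names compared
    case-insensitively). An empty list means the response complies."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP permits unsafe-inline/unsafe-eval")
    hsts = h.get("strict-transport-security")
    age = hsts_max_age(hsts) if hsts else None
    if age is None:
        findings.append("missing Strict-Transport-Security max-age")
    elif age < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {age} is below {MIN_HSTS_MAX_AGE}")
    return findings


if __name__ == "__main__":
    db = setup_db()
    print(render_greeting(lookup_display_name(db, "alice") or "guest"))
    print(check_security_headers({"Strict-Transport-Security": "max-age=3600"}))
```

The validation step runs before the query even though the query is already parameterised; the two controls address different failures (malformed data versus query structure), and the policy lists both.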

2. Identity, Access & Authentication Controls

| Control Domain | Implementation Policy | Rationale / Mitigation |
|---|---|---|
| Principle of Least Privilege | Access is denied by default; we grant only the minimum permissions required. We perform access control checks on all authenticated requests. | Prevents unauthorized access and privilege escalation. |
| Authentication Standards | We require Multi-Factor Authentication (MFA) for privileged accounts at login. Rate-limiting is applied on all authentication mechanisms. | Deters brute-force attacks and credential theft. |
| Password & Credential Policy | Passwords must be at least 8 characters and include a number or special character. Passwords are stored as salted hashes resistant to offline attacks (NIST SP 800-63B standards), with salts at least 32 bits long. Long-lived static credentials are strictly rotated. | Protects against data breaches, offline extraction, and compromised accounts. |
| Session Management | Users are required to re-authenticate once a session exceeds 168 hours (7 days); otherwise the session is automatically terminated. Session tokens issued after login do not embed the user's email address. | Prevents unauthorized actions on abandoned sessions. |
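
As an added example (not code from the policy document or its authors), the block below turns the Password & Credential Policy and Session Management rows into checks that can be unit-tested: the length and composition rule, a salted hash using PBKDF2-HMAC-SHA256 with a 128-bit random salt (one NIST SP 800-63B-compatible choice; the policy floor is 32 bits), constant-time verification, the 168-hour session limit, and a check that a session token does not carry the account email either verbatim or inside a base64url-encoded segment such as a JWT payload. The iteration count, the demo token format and the sample values are assumptions made for this example.

```python
"""Added example (not from the policy document): password, hashing and
session checks for the Identity controls, standard library only. PBKDF2
parameters, demo token layout and sample values are assumptions."""
import base64
import binascii
import hashlib
import hmac
import json
import os
import re
from typing import Optional, Tuple

MIN_PASSWORD_LENGTH = 8
SALT_BYTES = 16                    # 128 bits; the policy minimum is 32 bits
PBKDF2_ITERATIONS = 600_000        # assumption; size to your latency budget
SESSION_MAX_AGE_SECONDS = 168 * 3600  # 7 days, as stated in the policy


def password_meets_policy(password: str) -> bool:
    """At least 8 characters and at least one digit or special character."""
    if len(password) < MIN_PASSWORD_LENGTH:
        return False
    return re.search(r"[0-9]|[^A-Za-z0-9]", password) is not None


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn for every new
    password so identical passwords never produce identical digests."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def session_is_valid(issued_at: float, now: float) -> bool:
    """A session older than 168 hours must re-authenticate."""
    return 0 <= now - issued_at <= SESSION_MAX_AGE_SECONDS


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_demo_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped token used only to exercise
    token_leaks_email(); not a token format the policy prescribes."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}."


def token_leaks_email(token: str, email: str) -> bool:
    """Policy check: neither the raw token nor any base64url-decodable
    segment of it (for example a JWT payload) may contain the email."""
    needle = email.lower()
    if needle in token.lower():
        return True
    for segment in token.split("."):
        padded = segment + "=" * (-len(segment) % 4)
        try:
            decoded = base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
        except (ValueError, binascii.Error):
            continue
        if needle in decoded.lower():
            return True
    return False


if __name__ == "__main__":
    salt, digest = hash_password("Tr0ub4dor&3")
    print(verify_password("Tr0ub4dor&3", salt, digest))
    print(token_leaks_email(make_demo_token({"sub": "alice@example.com"}),
                            "alice@example.com"))
```

The token check decodes every dot-separated segment because an email that is only base64url-encoded is still recoverable by anyone who reads the token; opaque random identifiers in the payload avoid the problem entirely.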

3. Cryptography & Infrastructure Controls

| Control Domain | Implementation Policy | Rationale / Mitigation |
|---|---|---|
| Encryption (Transit & Rest) | Data is encrypted in transit using valid, trusted SSL/TLS certificates across the Client Layer. Data is encrypted at rest within the Database Layer and File Storage Layer (Server-Side Encryption). | Prevents eavesdropping, man-in-the-middle attacks, and physical media compromise. |
| Key & Secrets Management | Cryptographic keys are rotated every 365 days. Application secrets are stored in a secure secrets management solution with strict access control; they are provided to containers at runtime, never at build time. | Reduces risk of broken encryption or exposed hard-coded credentials. |
| Container Security | Containers run as a non-root user by default. Container root filesystems are configured as read-only at runtime. Images are hosted in private container registries. | Minimizes attack surface and prevents unauthorized runtime modifications. |
| Network & System Segmentation | System components are segmented into separate physical and logical networks. Direct traffic from the internet is aggressively filtered via network and application layer firewalls. | Contains potential breaches and protects private resources. |

4. Logging, Auditing & Resilience Controls

| Control Domain | Implementation Policy | Rationale / Mitigation |
|---|---|---|
| Log Sanitisation & Storage | Logs are sanitised to remove sensitive data before they are recorded. Logs are stored in a separate, tamper-resistant system protected from modification or deletion. | Preserves forensic integrity while strictly maintaining user privacy. |
| Backup & Recovery SLAs | Important data is backed up at least every 24 hours to a secure, separate location. Backups are immutable and cannot be modified or deleted for exactly 365 days. Recovery testing is conducted every 365 days. | Ensures business continuity and resilience against catastrophic hardware failure or ransomware. |
| Vulnerability Management SLAs | We triage and remediate vulnerabilities within strict timeframes: Critical (4 hours), High (24 hours), Medium/Low (2-5 days). | Limits the exposure window for known exploits. |
| Data Residency | We enforce strict data residency entirely within Singapore. | Ensures compliance with local regulatory frameworks. |
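
The Log Sanitisation & Storage row combines two controls that are worth seeing side by side: redaction before a record is written, and a store in which later modification is detectable. The block below is an added example, not code from the policy document or its authors: it redacts credentials, bearer tokens, email addresses and card-number-like digit runs from constructed sample log lines, then appends the clean records to a hash-chained log in which each record's hash covers the previous one, so editing or removing any record breaks verification from that point on. The redaction patterns, field names and sample lines are constructed for this example; the real system's tamper resistance would come from the separate storage platform, with a chain like this providing an independent integrity check.

```python
"""Added example (not from the policy document): log redaction before
recording plus a hash-chained append-only store, standard library only.
Redaction patterns, field names and sample log lines are constructed."""
import hashlib
import re
from typing import List

# Data that must never reach the log store, with its replacement marker.
# Order matters: the key=value rule runs first so the whole value is consumed;
# over-redacting the rest of a query string is the safe direction.
REDACTIONS = [
    (re.compile(r"(?i)\b(password|passwd|secret|api[_-]?key)=(\S+)"), r"\1=[REDACTED]"),
    (re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/-]+=*"), "Bearer [REDACTED]"),
    (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), "[EMAIL]"),
    # 13-16 digits optionally separated by spaces or hyphens (card-number shape)
    (re.compile(r"\b\d(?:[ -]?\d){12,15}\b"), "[PAN]"),
]

# Constructed sample lines (not from any real system).
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z INFO login user=alice@example.com ip=203.0.113.7",
    "2024-05-01T10:00:02Z DEBUG POST /api/reset password=Tr0ub4dor&3 ok",
    "2024-05-01T10:00:05Z INFO Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def",
    "2024-05-01T10:00:09Z INFO payment card=4111 1111 1111 1111 amount=42.00",
]


def sanitise(line: str) -> str:
    """Apply every redaction rule in order and return the clean line."""
    for pattern, replacement in REDACTIONS:
        line = pattern.sub(replacement, line)
    return line


GENESIS = "0" * 64  # previous-hash value for the first record


class ChainedLog:
    """Append-only log: hash(n) = SHA-256(hash(n-1) + record(n)), so any
    edit, reorder or deletion invalidates every hash after it."""

    def __init__(self) -> None:
        self.records: List[str] = []
        self.hashes: List[str] = []

    @staticmethod
    def _link(prev_hash: str, record: str) -> str:
        return hashlib.sha256((prev_hash + "\n" + record).encode("utf-8")).hexdigest()

    def append(self, raw_line: str) -> str:
        """Sanitise, chain and store one line; return its chain hash."""
        clean = sanitise(raw_line)
        prev = self.hashes[-1] if self.hashes else GENESIS
        h = self._link(prev, clean)
        self.records.append(clean)
        self.hashes.append(h)
        return h

    def verify(self) -> bool:
        """Recompute the chain from the genesis value and compare."""
        if len(self.records) != len(self.hashes):
            return False
        prev = GENESIS
        for record, h in zip(self.records, self.hashes):
            if self._link(prev, record) != h:
                return False
            prev = h
        return True


if __name__ == "__main__":
    log = ChainedLog()
    for line in SAMPLE_LINES:
        log.append(line)
    print("\n".join(log.records))
    print("chain intact:", log.verify())
```

The last hash of the chain is the only value that needs to live somewhere the log writer cannot reach (for example, published to the separate tamper-resistant store the policy requires); with that anchor, a verifier can prove that nothing before it was altered.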