Cyber Security Center

At Debexpert, we want to provide you with the best service for the debt market. In order to continuously improve and provide services to Debexpert platform users, we use our user's personal information. We are also committed to protecting your data privacy and security. To learn more, check out the privacy resources below.

We provide safe service

At Debexpert, we prioritize data privacy for your business. That's why we use the latest technologies and approaches to ensure your data is securely protected and to prevent unauthorized access to your account. Your data is not shown and cannot be shared with users of other Debexpert accounts under any circumstances.

We take a comprehensive approach to meet these points:

Technical factor

We take all the necessary measures from a technical point of view.

Human factor

We work with the 'human factor' using regulations, documents and instructions.

Zero Trust Concept

Zero trust assumes that threats can come from anywhere and it is not possible to describe and prioritize them in advance. Debexpert adheres to the following core principles:

Mandatory verification

Always performs authentication and authorization based on all available data metrics.

Least privilege access

Restrict user access through role-based access model, risk-based adaptive policies, and data protection.

Control and monitoring

Conduct event collection on Debexpert systems and verify all events to prevent and detect attacks in a timely manner.

Data encryption

Debexpert data is accessed via a secure connection using HTTPS/TLS cryptographic protocol and data is encrypted using the AES standard. To protect payment data, we use TLS 1.2 encryption on the transport layer. On the application layer, Debexpert allows end-to-end encryption with a private key not known to third parties.

Data backup

To guarantee the safety of information in case of possible irreversible loss (failure in the primary data center), we produce a backup for a high level of service availability. Data is replicated to the backup data center, so in case of failure the entire infrastructure will be restored automatically in minutes.

Data privacy

At the heart of Debexpert's approach to privacy is a commitment to giving users full control over the data they share. In other words, by using Debexpert you control your own data.

Debexpert considers any manipulation of the platform's data – moving, giving access to other users without authorization of the owner, modifying or selling it – a gross violation of rights and guarantees you complete confidentiality. Debexpert users' data is secure because accounts are isolated from each other at the software code level, users of one account cannot access information stored in another account.

Secure Software Development Lifecycle

Implementing Secure Software Development Lifecycle (SDLC) measures at all stages of the software development cycle is a prerequisite for software companies to be competitive in the marketplace. Debexpert has implemented best practices in its software development process to provide more reliable and secure products to our customers. In particular, the Debexpert SDLC takes into account industry best practices for secure programming such as OWASP as well as NIST (e.g. NIST SP 800-64, SP 800-100).

Data storage

Debexpert uses AWS to provide a service with a high level of availability, confidentiality and integrity. AWS helps ensure compliance with nearly every regulatory agency worldwide and supports a large number of security standards and compliance certifications, including:

Debexpert security meets enterprise level

Network & application protection

Debexpert uses network and application security services such as Cloudflare, which help inspect and filter traffic to prevent unauthorized access at the host, network, and application levels.

Debexpert is protected by Cloudflare

Network and application security services inspect and filter traffic to prevent unauthorized access to resources. At the network level, the Network Firewall allows you to tightly control traffic to, from, and between Debexpert servers using features such as stateful inspection, intrusion prevention, and web filtering. To protect web applications, the Web Application Firewall (Cloudflare) allows you to filter any part of a web request, such as IP addresses, HTTP headers, HTTP body, or URI strings, to block common attacks listed in the OWASP Top 10. The service also protects networks and applications from even the largest DDoS attacks and offers managed detection and response to repel targeted attacks.

https://www.cloudflare.com/it-it/multi-cloud/aws/

To contact the Data Protection Officer, send us an email

dpo@debexpert.com

Interested in buying or selling debt portfolios? Let's connect!
Fill out this form 👇