Home Capabilities Security Focus Areas Reports Events Team Insights R&D Contact Client Portal
Security

Cyberpert Security Statement

Security is the product, so it has to be true of the company too.

What is true today

  • This website is served entirely over HTTPS with modern TLS.
  • No client data, credentials, or case material is processed by this public website — it is an informational site.
  • The contact form transmits data over an encrypted connection and is rate-limited against abuse.
  • We do not request classified, regulated, or highly sensitive information through public web forms.
  • Internal access to client systems and data follows least-privilege and is logged.

What is on the roadmap

  • Password hashing with Argon2id, unique per-account salts, and no reversible password storage.
  • Mandatory multi-factor authentication for all portal accounts.
  • Encryption at rest for all client and case databases, with envelope encryption and managed keys.
  • TLS 1.2 minimum (1.3 preferred) for every service-to-service connection.
  • Role-based and attribute-based access control aligned to least privilege.
  • Tamper-evident audit logging for access to reports, cases, and evidence.
  • Encrypted, tested, and access-restricted backups.
We would rather tell you what is not built yet than claim a control that doesn't exist.

Frameworks we build against

NIST Cybersecurity Framework 2.0 OWASP ASVS / Top 10 ISO/IEC 27001 principles GDPR Article 32 (security of processing) Privacy by Design