Edays uses an agile development methodology with 2-week sprints involving regular backlog refinement meetings, sprint planning meetings, and a sprint review and retrospective at the end. Testing is performed within the sprint, so code updates and developments can be released on a regular basis.
Edays uses a roles-based access control system throughout all aspects of the company. Using a combination of Active Directory and Azure Active Directory to enable permissions for users throughout the organization. This allows Edays to control access to sensitive data and resources.
Edays utilizes a range of cryptographic controls to keep your data secure. Encryption is used throughout the edays solution, both for data at rest and data encryption in transit.
Employees working in roles that have access to customer or sensitive data are required to undergo a credit and criminal records check. This will be undertaken before the employee starts in the role, but Edays reserves the right to re-check individuals over the course of their employment.
Penetration testing and vulnerability scanning.
Application security is crucial to keep customer data security. That is why Edays conducts annual third-party penetration testing and weekly vulnerability scans to make sure the Edays code is secured against the latest threats.
At Edays, the security of our customers data is a top priority and on 5th November 2019 Edays was issued the certificate to confirm the company’s compliance with the ISO 27001 standard.
ISO 27001 is the international standard that helps businesses to manage their information security in line with industry-recognized best practices. It offers a set of specifications for businesses to adhere to that will ensure they have strong information security management.
Edays chose Microsoft to host the Edays application due to their commitment to security and compliance offerings. Microsoft has an extensive number of certifications that are within the PDF which you can download below. If you would like more information on Microsoft’s compliance offerings, you can visit their website and read all their compliance offerings here.