Securing our staff
At yasoon, we take security very seriously. Our management team, composed of our CTO, our CEO, and our COO, has a wealth of experience and expertise in all aspects of security, from the technical to the organizational and human resources. They lead the security strategy and implementation across the company, ensuring that we follow the best practices and standards in the industry.
But security is not just a top-down approach at yasoon. It is also a shared responsibility and a core value for everyone who works with us. We make sure that our staff is aware of the importance of security and the role they play in achieving it. We provide them with regular training, feedback, and support to help them maintain and improve our security posture.
Security awareness
We ensure that all staff undergo security awareness training during the onboarding process and regularly thereafter to keep security at the forefront of their minds. Our security awareness training program covers various topics, including current threats and scams, secure working practices, behaviors that pose security risks, as well as compliance and regulatory issues. Additionally, our developers have access to specialized training on secure coding.
Our internal security wiki and accessible policies in our compliance tool Vanta make it easy for staff to find guidance. Security updates are often included in all-hands meetings.
Furthermore, we maintain open communication channels between employees and the security team through Teams chat and channel announcements. This accessibility ensures that the security team is readily available to all yasoon staff.
Access management
We follow the principle of least privilege, which means we only give staff the data access they need for their role. Staff use individual accounts (not shared ones) and multifactor authentication to access data. All accounts are connected to and managed by our central Azure AD using SSO. If staff need more access, they must submit a ticket with a valid reason. Only our core management team can approve or deny these requests. We also regularly check access and remove any that is unnecessary.