Overview
Diliko is committed to safeguarding customer data and maintaining a secure SaaS environment for all users. We handle sensitive information, including PHI (Protected Health Information) and PII (Personally Identifiable Information), with controls that meet or exceed industry security standards. This policy outlines the security practices we employ across our development, deployment, and operational processes to mitigate risk and protect your data.
Key Security Practices
Security-Integrated Development (DevSecOps)
Security is integrated into every stage of our software development lifecycle:
- Automated Vulnerability Scanning – Our CI/CD pipeline incorporates both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify and mitigate vulnerabilities at each phase of development.
- Shift-Left Approach – By addressing security from the earliest stages, we identify and resolve potential vulnerabilities before software reaches production, ensuring secure, high-quality releases.
Continuous Cloud Infrastructure Monitoring
We use industry-leading tools to monitor our cloud environments continuously, particularly on platforms such as Azure.
- Real-Time Monitoring – Cloud infrastructure is monitored for vulnerabilities, misconfigurations, and security threats, providing continuous visibility and protection.
- Cloud Posture Management – Continuous scanning of virtual machines, containers, and databases helps us maintain robust security across our cloud assets.
Vulnerability Scanning Practices
- External Vulnerability Scanning (Monthly) – Our publicly accessible systems are scanned monthly to ensure defenses remain strong against emerging external threats.
- Internal Vulnerability Scanning (Weekly) – Internal systems and networks are scanned weekly to identify and rectify potential vulnerabilities, outdated software, and misconfigurations before they can impact our infrastructure.
Data Encryption and Access Controls
- Encryption – All data, whether at rest or in transit, is encrypted using industry-standard protocols to prevent unauthorized access.
- Access Controls – Role-based access control (RBAC) ensures only authorized personnel have access to sensitive data, supported by multi-factor authentication for added security.
Risk-Based Prioritization and Remediation
Vulnerabilities are prioritized based on industry-standard scoring systems such as CVSS.
- High-Severity Issues – Remediation is immediate for vulnerabilities that could impact sensitive data or essential services.
- Proactive Patching – Routine patching and updates ensure our systems are protected against known vulnerabilities and emerging threats.
Compliance with Regulatory Standards
Diliko’s security framework is designed to align with regulatory requirements, including HIPAA, GDPR, and other relevant standards. Our practices support these regulations by enforcing routine vulnerability assessments, secure data handling, and robust privacy controls.
Incident Response and Continuous Improvement
- Incident Response Plan – We maintain a tested incident response plan, enabling us to address and mitigate security incidents swiftly.
- Continuous Review – Our security practices undergo periodic evaluation and updates to align with current security threats and industry standards.
User Awareness and Education
We believe that security is a shared responsibility. Regular training and updates ensure that our team stays informed of the latest security threats, policies, and best practices. User education and proactive alerts help our customers stay informed about safe usage practices.
This policy reflects Diliko’s dedication to delivering a secure, reliable platform that aligns with industry and regulatory standards. Please contact us for further details on how we safeguard your data and maintain secure, dependable services.