T4S Partners Security Practices
Overview
At T4S Partners, security stands as our paramount concern. We specialize in assisting our clients in realizing their desired outcomes by efficiently bridging systems, processes, people, and insights to gain a competitive edge. As a "Next Generation" consulting and application development firm, we aid organizations in crafting innovative customer solutions, optimizing IT resources, and transforming enterprise service management functions.
The following is a concise overview of our approach to security concerning our products, processes, compliance, operations, and availability. We welcome collaboration with your security team or a third-party entity to assess our products comprehensively. Furthermore, should you have specific contractual requirements beyond our standard agreement, we are open to discussing them with you. Please feel free to reach out to us at AtlassianMarketplaceSupport@t4spartners.com.
Process
Security Policy
T4S Partners' security policy is a comprehensive framework governing data governance and security practices within our organization and the applications we develop. It outlines clear responsibilities across the organization and addresses identifying and mitigating vulnerabilities. This policy is made available upon request or as part of a security review process.
Incident Management
This protocol delineates how T4S Partners manages security incidents, including communication procedures with Atlassian, clients, and other partners. The process distinctly outlines responsibilities and establishes expectations. In the event of detecting an incident that may compromise client data, we commit to initiating communication within 48 hours of identification.
Bug Bounty Program
All of our products have been participating in the Bug Bounty Program. If a potential critical vulnerability is detected, we will work to release a fix for that issue within seven days.
Product Security
Encryption
We implement encryption for all traffic between internal and external systems, prioritizing highly secure and trusted encryption algorithms. At T4S Partners, we refrain from relying on proprietary methods and instead opt for established encryption standards. Additionally, we encrypt data stored on disk when necessary, especially when additional safeguards are required to protect sensitive information.
Security controls
Our products are designed to incorporate the most robust security controls available. For instance, our mobile applications have long supported features such as Single Sign-On, Multi-factor authentication, and Mobile Device Management Solutions. Furthermore, our products leverage the inherent security features provided by the Atlassian suite, ensuring an additional layer of protection.
Operations
Security Information Event Management
In the cloud environment, we employ advanced security measures to detect abnormal network activity in real time. Utilizing a Security Information and Event Management (SIEM) system, we meticulously analyze and identify potential threats and unusual activities. Once identified, we take immediate action to neutralize these threats, ensuring the continuous security of our environment.
Segregation of duty
Within our production environment, we strictly segregate duties to uphold security standards. Responsibilities are meticulously delineated into roles, and access is granted through these roles. Engineers are given the access essential for their tasks, ensuring they can address issues effectively while adhering to the principle of least privilege.
Change control
Since our inception, we have adhered to engineering best practices for change control. Drawing from our experience in large organizations, we recognize the significance of a well-defined process that remains agile. All our code is meticulously version-controlled, and we employ Continuous Integration/Continuous Deployment (CI/CD) practices to streamline the transition of our products to production. Furthermore, we use robust monitoring systems to ensure our products consistently meet performance expectations.
Availability and Continuity
Robust Architecture
Our cloud architecture is meticulously designed to minimize the likelihood of failure. We take pride in leveraging cutting-edge technology to support high availability and distribute processing across multiple data centers. In the rare event of an outage, we can recover and restore operations swiftly.
Recovery
We recognize the potential impact an outage of add-on vendors may have on your operations. Rest assured, we have a well-defined and thoroughly tested plan to restore our Cloud environment in case of an unlikely failure. With clearly defined Restore Time Objectives (RTO) and Restore Point Objectives (RPO), we ensure minimal impact on your operations even in such rare scenarios.
Compliance
Your organization may have stringent security, privacy, and compliance mandates. Having worked extensively with prominent government, defense, banking, and healthcare entities, we understand and support adherence to various compliance standards such as ISO 27001, HIPAA, FedRAMP, PCI, SOC, HITRUST, and others. We take pride in our competence as a reliable partner dedicated to assisting our clients in achieving their compliance objectives.
Version: March 2024