Greencopper Security Guide

Privacy

  • We do not sell personal information of our customers to third parties.
  • We have a full-time staff focused on privacy and security issues.
  • Greencopper processes user personal data in accordance with GDPR’s data protection principles.
  • You can find our privacy policy at: https://privacy.greencopper.com/

Hosting Environment

  • Greencopper uses data centers that meet the following certifications:
    • PCI-DSS Level 1 Service Provider
    • SOC 3 - System and Organization Controls
    • NIST 800-53 Revision 4
    • ISO 9001 - Global Quality Standard
    • ISO 27001 - Security Management Control
    • ISO 27017 - Cloud Specific Controls
    • ISO 27018 - Personal Data Protection

Software Development

  • All Greencopper software engineers receive software security training that covers security best practices, including the OWASP Top Ten and mobile security best practices.
  • All Greencopper source code is developed in accordance with a standard SDLC process that includes:
    • A software and security code review before being shipped to production.
    • Running through a continuous integration test suite.
    • Manual QA testing.
  • A penetration test, including static and dynamic code analysis, is regularly performed by a third-party security company.

Encryption

  • All web traffic is encrypted by TLS 1.2 or greater.
  • Greencopper follows NIST recommendations for hashing, symmetric and asymmetric encryption.
  • Memorized secrets are handled in conformance with NIST SP 800-63.
  • Greencopper destroys data in conformance with NIST SP 800-88.

Organization

  • All staff regularly receive security training by trained professionals and must pass security awareness tests.
  • All staff are regularly subjected to simulated phishing and other social engineering attacks to test their awareness.
  • All staff must sign off on security and acceptable use policies and procedures.

Responsible Disclosure

  • If you discover a vulnerability, Greencopper requests that you responsibly disclose the vulnerability to our security team by taking the following steps.
  • We have an internal Responsible Disclosure process that covers everything from the initial report up to the full resolution of the discovered security breach.
  • If the contents of the vulnerability are sensitive in nature, please use our PGP key, below
