This security policy (the “Security Policy”) is prepared by SynOption Pte Ltd (“SynOption”) and contains important information about how SynOption addresses the security of your data while using www.synoption.com and optimus.synoption.com and their subdomains (“Platform”).
This Security Policy may be updated from time to time. We encourage you to check the latest version of this Security Policy regularly.
This Security Policy applies to information we collect about:
Your trust is very important to us, and data security is of prime importance. To help you feel safe when you visit our Platform, we observe industry-standard cyber security practices at the data, application, database, operating system and network layers to adequately address and contain threats. Measures are implemented to protect sensitive or confidential information, such as customer personal, account and transaction data, which is stored and processed in our systems. A data loss prevention strategy is implemented, which includes protection of data at endpoints, data at rest and data in transit. Only encryption algorithms of standards approved by the company are used. We make use of SSL to encrypt communications between our Platform and the backend services. An authenticated session, together with its encryption protocol, remains intact throughout the Platform’s interaction with you. We scan our Platform regularly for any vulnerabilities and resolve issues on a priority basis. This helps to keep you safe from attacks such as man-in-the-middle attacks.
Customers are properly authenticated before access to online transaction functions and sensitive personal or account information is permitted. Access to the Platform requires IP whitelisting, username/password, and mobile-based two-factor authentication (2FA). Rigorous testing of systems is conducted to verify the security of the Platform. Source code is reviewed and tested for security considerations. This covers measures to detect and correct information leakage, resiliency against input validation, unsafe programming practices, exception handling, logging, and management of cryptographic functions.
Access control, both internal and external, is role-based and adopts the principle of least privilege. IT systems and devices are configured with security settings that are consistent with the expected level of protection. Network security devices, such as firewalls and intrusion detection and prevention systems, are installed at critical junctures to protect network perimeters, with appropriate oversight of network rules and access controls. Patch management of systems is carried out to address security vulnerabilities that arise. The process includes the identification, categorization and prioritization of security patches. Security logs are maintained across systems to facilitate monitoring and detection of, and response to, security events. Vulnerability assessment and penetration testing are carried out annually to detect security vulnerabilities in the IT environment, and such vulnerabilities are classified and addressed appropriately. This includes testing for OWASP Top 10 vulnerabilities. An online session is automatically terminated at the end of the business day unless the customer is re-authenticated.
In the event of interference, measures have been put in place to terminate the session, to resolve or reverse out the affected transactions, and to inform you of the same.
We commit to protecting the confidentiality, integrity, and availability of business information and information processing facilities, and to providing a secure work environment to our clients, employees, and stakeholders.
In addition to the above, we strive to develop and implement relevant and cost-effective information security controls by:
We strongly urge all our clients, employees, and stakeholders to acknowledge their responsibility for maintaining the security of our clients' data and to make a positive contribution to information security in conjunction with this Security Policy.
To help us achieve the above objectives, we urge you to: