At Customaite, protecting your sensitive logistics data is our top priority. We’re proud to report that our latest penetration test found no high or critical risks, reinforcing our commitment to strong security measures. From ISO 27001 certification to secure development practices, we continuously safeguard your data. Read on to see how we keep your information secure and compliant.
Your trust, our priority
At Customaite, we know how critical it is to protect the sensitive logistics data you trust us with. Your confidential information—from pricing details on invoices to customer contacts—is secure with us.
We’re therefore pleased to report that our latest penetration test has concluded successfully, with no findings of high or critical impact. A formal attestation letter from our external security experts is available upon request.
In a penetration test, security professionals attempt to gain access to resources they shouldn't be able to reach, and analyse where the application might disclose clues that could be used by hackers. We perform these tests regularly to validate our continuous internal efforts to improve our security posture.
This post will dive a bit deeper into specific measures we take to safeguard your information, and why they matter.
Built secure from the start: Our Threat Modelling approach
Good information security practices start at the very beginning, when designing new features or projects.
Each new project undergoes a standardised security review. If new integrations or additional data collection are involved, senior engineers perform a detailed security design analysis before development starts. They document new potential threats with techniques such as threat modelling, and align on our mitigation approach for these threats.
I've previously written about threat modelling in more detail in this blog post, highlighting how it fosters a proactive security mindset across all our teams.
Data minimisation and processing practices
Less data means less risk. Before development begins, we rigorously assess data requirements to ensure your sensitive information is never collected, stored, or shared unless explicitly necessary.
We never collect or retain data longer than required, and by processing exclusively on EU-based servers, we ensure full compliance with GDPR and other European data protection regulations. Data is also never provided to subprocessors unless explicitly required.
Secure development practices
Our secure development practices ensure your data remains protected throughout the entire lifecycle of our product.
Our developers undergo mandatory training on key security risks, including those outlined in the OWASP Top 10. During development, we apply code reviews and static code analysis. We use Snyk to track the risks and licences of any open-source dependencies that we include.
Our infrastructure is regularly updated following strict guidelines, and updates replace the previous components entirely.
ISO 27001 Certification
Our ISO 27001 certification demonstrates Customaite’s commitment to best practices, assuring you that your information is protected across critical areas such as access control, asset management, cryptography, physical security, operational security, and incident response.
This certification provides you with confidence that our Information Security Management System (ISMS) meets stringent criteria and that our security measures undergo regular independent audits.
This certificate also proves that we have shown auditors that our team understands these policies, and that we can provide evidence of the continuous security measures mentioned earlier.
Securing our supply chain
Our commitment to security extends beyond our own operations. All third-party vendors and subprocessors undergo a rigorous vetting process, including comprehensive legal and security checks.
Our Data Processing Agreements (DPAs) are carefully tailored to each vendor relationship, ensuring that your data remains protected throughout our entire supply chain.
In conclusion
We hope this article has answered any questions you may have about how we handle information security at Customaite. We also publish our answers to the security controls in the ‘CAIQ template’ on this page: https://www.customaite.ai/security. For customers with specific compliance requirements, we're happy to provide our security certificates and penetration testing attestations, or to schedule a detailed security review call with our team.
Partner with Customaite and experience logistics document processing that’s secure, compliant, and designed to protect your business.