Last updated: 16/12/2024

Security & Compliance

draftalpha.com ("we," "us," or "our") prioritizes the security of your data and our platform. Our approach to security is built on industry best practices, ensuring confidentiality, integrity, and availability. Below is an overview of our security measures:

Secure Development

We follow a secure software development lifecycle (SDLC) based on NIST's Secure Software Development Framework (SSDF). Security is integrated from the ground up to protect against vulnerabilities.

Vulnerability Disclosure

We operate a Vulnerability Disclosure Program (VDP) to encourage security researchers to report potential security flaws. If you identify a vulnerability, please reach out, and we'll address it promptly.

Penetration Testing

Our platform undergoes biannual penetration testing by recognized cybersecurity experts, using OWASP methodologies tailored to our business logic. A penetration test report is available upon request.

Operational Security

We implement strict security measures across our organization, including:

• Multi-Factor Authentication (2FA) on all software

• Secure desk policy to prevent unauthorized access

• Disaster recovery plan to ensure business continuity

• Third-party risk management to assess vendor security

If you'd like more details on our security policies or need a security report, feel free to contact us.