GoodSign is a SaaS platform that allows customers to send and receive documents for digital approval, including e-signatures. The GoodSign team is based in Auckland, New Zealand.
As a high-level summary:
Zero Trust is a security concept centred on the belief that organisations should not automatically trust anything inside or outside their perimeter, and instead must verify anything and everything trying to connect to their systems before granting access.
All GoodSign systems follow the Zero Trust concept: all of our systems and procedures are cloud based and protected with strong authentication.
GoodSign is hosted in DigitalOcean's SFO3 data centre in San Francisco, USA. DigitalOcean maintains multiple certifications for its data centres, including ISO 27001 compliance, PCI certification, and SOC Type 1 and Type 2 reports. For more information about their certification and compliance, visit https://www.digitalocean.com/trust/certification-reports/
Our databases use highly available managed storage. This multi-node cluster storage is resilient to single- and multi-node failures. It provides automatic updates and daily point-in-time backups, which allow us to restore to any point in time over the last seven days, together with fully automated fail-over and end-to-end security: LUKS encryption at rest and SSL in transit.
Storage is backed by DigitalOcean Block Storage Volumes. These volumes are encrypted at rest using LUKS. Each volume is highly available and SSD backed. Volumes are built on Ceph, a self-healing storage technology that can handle the loss of an entire data centre without data loss.
Our servers are managed through a third-party server management platform. This platform provides a strong layer of server and application hardening, with strong security configuration and access policies.
It allows us to rebuild servers and add new servers to our cluster quickly through the admin platform, in a scalable and repeatable manner.
All production servers are automatically patched by our server management platform.
All server access is via SSH.
Our server management platform provides real-time server monitoring, including server load, memory and disk usage. Notifications are sent to our on-call engineer 24/7.
Server changes are recorded in an immutable audit log.
All our servers have their firewalls enabled, limiting access to only the essential ports.
We use Fail2Ban, which automatically blocks any IP address that makes more than five failed SSH login attempts against a server.
All changes are made through our server configuration admin console. All changes are logged, and access is restricted by 2FA.
GoodSign runs unit tests and functional tests before each release. A release cannot be made until all of our unit tests have passed.
After each test run, the respective component is tested again in production.
We use atomic deployments to make sure our application is updated instantly.
This process fully configures each code change with the correct libraries and migrations. Once the code has been pulled from Git, it is installed, automatic migrations are run, and the release directory is instantly symlinked into the live site with zero downtime and no file or database inconsistencies.
In the event of an unintended error, an atomic rollback can be performed to the previous release.
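To illustrate the symlink-based atomic release and rollback described above, here is an added example script (not GoodSign's own deployment tooling). It assumes a layout of `$APP_ROOT/releases/<name>/` with a `current` symlink pointing at the live release; the install and migration steps are represented by a plain copy, and the symlink swap relies on GNU `mv -T` so that `rename(2)` replaces the link in one step.

```shell
#!/bin/sh
# Added example: atomic release switching with a "current" symlink.
# Assumed layout (not GoodSign's real paths):
#   $APP_ROOT/releases/<name>/   one directory per release
#   $APP_ROOT/current            symlink -> releases/<name>
set -eu

APP_ROOT="${APP_ROOT:-/tmp/atomic-deploy-demo}"   # assumed demo location

# Stage a new release from a prepared source tree. In a real pipeline the
# git checkout, dependency install and migrations would run here, before the
# release is ever linked into the live site.
prepare_release() {
  src="$1"; name="$2"
  mkdir -p "$APP_ROOT/releases"
  cp -R "$src" "$APP_ROOT/releases/$name"
  printf '%s\n' "$APP_ROOT/releases/$name"
}

# Point "current" at a release atomically: build a temporary symlink next to
# it, then rename over the old one. rename(2) is atomic, so a request never
# observes a missing or half-written "current" link.
activate_release() {
  name="$1"
  [ -d "$APP_ROOT/releases/$name" ] || { echo "no such release: $name" >&2; return 1; }
  if [ -L "$APP_ROOT/current" ]; then
    readlink "$APP_ROOT/current" > "$APP_ROOT/.previous"   # remember rollback target
  fi
  ln -sfn "releases/$name" "$APP_ROOT/current.tmp"
  mv -T "$APP_ROOT/current.tmp" "$APP_ROOT/current"        # GNU coreutils -T
}

# Name of the release currently linked into the live site.
current_release() {
  basename "$(readlink "$APP_ROOT/current")"
}

# Atomic rollback: re-activate whatever "current" pointed at before the last
# switch. The previous release directory is still on disk, so no rebuild is needed.
rollback_release() {
  [ -f "$APP_ROOT/.previous" ] || { echo "nothing to roll back to" >&2; return 1; }
  prev=$(cat "$APP_ROOT/.previous")
  activate_release "$(basename "$prev")"
}
```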
We use the latest Symfony framework, which provides numerous tools for building fast and secure applications correctly. We follow the Symfony way of doing things rather than building our own solution.
We use a security auditing platform that checks the application's installed libraries against a database of known security vulnerabilities.
Where possible, all JavaScript libraries are copied and served locally from our server. The only exceptions are our live help application and our web analytics solution.
GoodSign uses a Web Application Firewall (WAF) to block suspicious requests. Our WAF is built on NGINX ModSecurity with the OWASP ModSecurity Core Rule Set.
Our application is scanned weekly by an automated deep-scanning tool that checks every page of the application for vulnerabilities, issues and misconfigurations. This tool scans for more than 2000 vulnerabilities, including the OWASP Top 10. It also checks our DNS for misconfigurations, including email SPF and DKIM records. A scan report is available on request.
GoodSign follows Secure Development best practices and follows the OWASP SDL guidelines.
We use BugSnag.com to track production-level bugs. This gives us an instant warning of a new bug; BugSnag provides very clear details of where the bug occurred and enough context to rectify the issue quickly.
All key application events are stored in our logging system.
GoodSign's TLS setup receives an overall score of A in the Qualys SSL Labs test.
GoodSign only supports strong HTTPS encryption in transit. HSTS is also enabled: once a browser has connected to us over HTTPS and received the HSTS policy, it refuses plain HTTP connections for the policy's lifetime, so a man-in-the-middle HTTP downgrade attack is no longer possible.
Both our file storage and our databases use strong LUKS encryption. File storage backups are also encrypted with LUKS, providing full encryption at rest for any sensitive data.
Our passwords are encoded and encrypted using industry-recommended standards.
Our primary database uses a multi-node, fault-tolerant cluster. Each database is backed up daily.
All backups allow point-in-time recovery to any time in the last 7 days.
Our servers and server volumes are backed up twice daily. Backups are held for 7 days.
All devices (laptops, phones and desktops) are secured with biometric security where supported. Longer passwords are used where possible, and strong passwords are required.
All devices have strong disk/storage encryption, remote locking and remote wipe. Staff must never copy production or confidential data to their own device or computer.
We use cloud services for everything except our software development, including email, customer support, testing, file storage and so on. Where possible, we always enable 2FA to secure these accounts against intrusion.
All staff are required to sign a confidentiality agreement. Breaking this agreement has strong repercussions, including termination.
Only our senior engineers have server access, and it is locked to their main computer. Access is logged, and our CTO is notified via real-time SSH login notifications.
Our support team may access your account and its contents only to provide support or to debug an issue you have reported. All support incidents, including any account access, are logged.
Our staff have signed confidentiality agreements, and a violation could result in termination.
If you would like to lock your account against support access, please contact the support team and they can enable this for you.
All rights reserved © GoodSign Limited 2024
2 Stuart St, Ponsonby, Auckland 1011, New Zealand.