Security and Compliance at Theorem Solutions
Theorem Solutions maintains an ISO 27001 compliance certification and a Cyber Essentials Plus certification.
Data at Rest
All of Theorem Solutions computers and servers are full disk encrypted using at least 256-bit AES encryption.
Data in Transit
TLS 1.2 or higher is utilised everywhere data is transmitted over potentially insecure networks.
Pen Testing & Application Security
Theorem Solutions engages with an external ISO 27001 accredited company that carries out automated penetration testing on our external network and our TheoremXR web application on a regular basis.
Theorem Solutions internal systems undergo regular vulnerability scans with any findings being tracked and remediated within the time frames specified in our IT policies.
Endpoint Protection and Monitoring
All corporate devices are centrally managed and equipped with device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. Device management software is used to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Secure Remote Access
Theorem Solutions secures remote access to internal resources using a modern VPN platform that requires MFA.
Security Awareness Training
All new Theorem Solutions employees undergo mandatory security awareness training during their company induction. In addition, security awareness training and emails are delivered to all staff on a regular basis.
Identity and Access Management
Theorem Solutions employees are assigned a unique user account and are granted access to data based on their role. Further access to data is subject to a strict approval process and is controlled via our IT support ticketing system.