Last Updated: December 13th, 2024 at 1:38:20 AM GMT+9
Welcome to eSolia on GitHub. We're a Tokyo-based IT management consultancy, and we're glad you're here. We are a security conscious company, incorporating ISO 27001 good practices in our work, including software development.
Specifically, the following are the requirements mandated in ISO 27001:2022 Annex A Control 8.25 as "rules for the secure development of software and systems", and how we address them.
Requirement | Actions |
---|---|
1. Keeping development, testing, and production environments separate. | For typical jamstack websites (most of our sites), development refers to the developer's local environment, testing refers to a protected branch published for the client to review, and production is the published website. In the case of our PROdb cloud database, it is possible to make a combined dev and test environment, which is separate from production, then merge it to production when approved. |
2. Offering guidance on security in the software development life cycle, in terms of general methodology and languages use. | We handle this via SOP. |
3. Implementing security requirements during the specification and design phases. | Every project considers and specifies security during initial projects, or changes. |
4. Developing and using security checkpoints in projects. | We establish the basic security framework for a project in the specification phase, develop per the basic guideline established in the spec, then finally report how the project has implemented security. |
5. Engaging in security and system testing. | For most website projects, security scanning entails checking security headers are in place. For cloud database projects, the platform vendor is running basic security penetration tests regularly, and we check relevant security areas at every step, in specific configuration areas such as table, view, form security. |
6. Establishing secure repositories for storing source codes and configurations. | Only permitted personnel have write permissions (commit or merge access) to repositories. |
7. Ensuring security in version control during change management. | Change management process considers version control security. |
8. Ensuring all personnel involved in development have the required application security knowledge. | We are engaged in an ongoing effort to develop this knowledge. |
9. Ensuring developers have the capacity to recognise and avert security flaws. | We take care to understand security and the lack thereof, within the websites we develop and the apps we configure. |
10. Adhering to licensing requirements. | We are aware of licensing and adhere to all requirements. |
- This year we marked our 25th anniversary and updated our logo. We'll be taking a break from Dec 27 at 12:00 through Jan 5. We can't wait to come back in 2025 stronger and better than ever. We're committed to keeping your information safe through our ISO 27001 efforts.🎍🎌
- For our 25th anniversary, we decided to refresh our look, and Lucie Baratte (designer extraordinaire & founder of www.logology.co) came up with a look we love, that matches our brand well!
- Year-end & New Year Holiday Season: Dec 27 (Fri) 12:00, 2024 to Jan 5 (Sun), 2025
Item | Value |
---|---|
Repo Total Files | 1 |
Repo Size in MB | 148 |
Lume Version | v2.4.2 |
Deno Version | 2.1.4 |
V8 Version | 13.0.245.12-rusty |
Typescript Version | 5.6.2 |
Timezone | Asia/Tokyo |
We're generating this readme using the Lume static site generator from within the eSolia .github repository. See this page for details to get your own dynamic readme!