Styku Data Processing Agreement — Annex 2 Security Measures: Vulnerability Management and Personnel
Summary
Styku conducts daily vulnerability scans, annual penetration tests by third-party providers, and runs a bug bounty program to identify and remediate security risks. All employees receive role-appropriate security training and, where permitted by law, undergo third-party background checks. Employee conduct is governed by non-disclosure requirements and ethical standards.
Full Policy Text
f) Vulnerability Management Program
Vulnerability Remediation Schedule: We maintain a vulnerability remediation schedule aligned with industry standards. We take a risk-based approach to determining a vulnerability's applicability, likelihood, and impact in our environment.
Vulnerability scanning: We perform daily vulnerability scanning on our products using technology and detection standards aligned with industry standards.
Penetration testing: We maintain relationships with industry-recognized penetration testing service providers for penetration testing of both the Styku web application and internal corporate network infrastructure at least annually. The intent of these penetration tests is to identify security vulnerabilities and mitigate the risk and business impact they pose to the in-scope systems.
Bug bounty: A bug bounty program invites and incentivizes independent security researchers to ethically discover and disclose security flaws. We implement a bug bounty program in an effort to widen the available opportunities to engage with the security community and improve the product defenses against sophisticated attacks.
g) Personnel Management
We staff qualified personnel to develop, maintain, and enhance our security program. We train all employees on security policy, processes, and standards relevant to their role and in accordance with industry practice.
Background checks: Where permitted by applicable law, Styku employees undergo a third-party background or reference check. In the United States, employment offers are contingent upon the results of a third-party background check. All Styku employees are required to conduct themselves in a manner consistent with company guidelines, non-disclosure requirements, and ethical standards.
Applies to: All Styku customers