Our Commitment
Security is at the core of everything we do at GDR Software Development. We take a proactive approach to protecting our systems, our clients' data, and the software we build.
Infrastructure Security
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Infrastructure hosted on reputable cloud providers with enterprise-grade physical security
- Regular security assessments and vulnerability scanning
- Network segmentation and firewall policies following the principle of least privilege
Application Security
- Secure development lifecycle (SDLC) integrated into every project
- Static and dynamic application security testing (SAST/DAST) on every build
- Dependency vulnerability scanning and automated updates
- Code review requirements for all changes before deployment
Data Protection
- Access to client data is restricted on a need-to-know basis
- Multi-factor authentication (MFA) enforced across all systems
- Regular access reviews and immediate revocation upon role change
- Comprehensive audit logging on all data access
Operational Security
- Incident response procedures documented and regularly tested
- Security awareness training for all team members
- Background checks for all employees
- Secure device management policies for all endpoints
Responsible Disclosure
If you believe you have found a security vulnerability in our website or any of our services, we encourage you to report it responsibly. Please contact us at:
Email: contact@gdragency.com
We take all reports seriously and will respond promptly. We ask that you do not publicly disclose the vulnerability until we have had the opportunity to investigate and address it.