Policies: Compliance and Certification
Updated over 3 years ago

Compliance and Certification

On a quarterly basis, StellaService reviews compliance with the StellaService Information Security policies and with the Privacy Policy published on our website. After reviewing compliance, we provide a report to our executive board. Where applicable, we highlight known compliance gaps and plans for addressing them in the future.

On an annual basis, the internal information security and privacy policy is reviewed for consistency and accuracy with our practices and obligations, and for compliance with any updated privacy regulations globally.

Description of current compliance with existing standards:

OWASP
For OWASP, we follow security guidelines and implement the OWASP Top 10. We are continuously improving compliance with our policies to further harden our web application security.

PCI Compliance
Because StellaService does not accept, process, or store credit card data, the PCI standard does not currently apply to our software.

GDPR Compliance
StellaService is on track to be GDPR compliant by May 25, 2018, when the GDPR goes into effect. This includes internal procedures to comply with data subject access requests, with a 20-day SLA to help our clients address their own customers’ requests.
