Raidiam’s systems are designed with security as a top priority. We follow a Secure Software Development Life Cycle (SDLC), allowing us to measure and control the risks involved in development. Vulnerability management is integrated into our CI/CD pipeline and we perform regular scans, detailed threat modelling, and rigorous security assessments by qualified cybersecurity experts. We follow security targets and policies, using metrics to ensure our products meet high security standards, with the focus always being to deliver solutions that are both functional and resistant to security threats.
Raidiam is committed to a comprehensive range of measures to ensure the security of our operations. We constantly monitor our production environments to pinpoint and address any issues, using patching and maintenance protocols to keep our systems updated against new threats. We practice privileged access management to reduce the risk of breaches. In the event of a security incident, we ensure swift containment, minimising disruptions to standard business operations. We also take the strategic approach of proactively hardening our systems according to industry security benchmarks and best practices to ensure our environments are securely configured.
Infrastructure and Cloud security
Our ecosystem infrastructure is hosted within AWS cloud data centres spread across various regional availability zones, ensuring our services are highly available and scalable for clients. Our approach to safeguarding data is built upon the strong foundation of AWS security features, such as Virtual Private Clouds (VPCs), Security Groups, the AWS Key Management Service (KMS), and other additional security mechanisms. The security architecture of AWS data centre facilities integrates seamlessly into the framework of our ecosystem infrastructure, managed by our certified AWS engineers.
We follow a series of comprehensive operating policies and procedures to ensure the continued integrity of our network. Using virtual private clouds and security groups, we can provide for network segmentation when required and additionally operate perimeter controls such as a web application firewall and Distributed Denial-of-Service (DDoS) mitigations. Our intrusion detection systems run 24/7 to monitor network traffic for signs of attack and all alerts are assessed and addressed by our operations team.
Raidiam takes a risk-based approach to security to identify, prioritise, evaluate, and manage potential cyber threats. Our employees are the backbone of our cyber security strategy and this is embedded in our business processes and culture. We require all team members to undertake security awareness and data protection training to provide a solid first line of defence. Our commitment is further evidenced by being ISO 27001 and Cyber Essentials certified.
Robust encryption measures are in place across our systems. All network traffic is encrypted using HTTPS and TLS 1.2+ and data ‘at rest’ is protected with Advanced Encryption Standard (AES) 256, which is the current industry standard for modern commercial business applications. We ensure our encryption measures remain effective and in line with industry best practice by regularly undertaking reviews and updating as necessary.
We are proud to have achieved ISO 27001 certification and the National Cyber Security Centre (NCSC) Cyber Essentials accreditation. Both awards demonstrate the seriousness with which we take our responsibilities towards our own processes and those services that we provide to our clients.