Denomas Security Resource Center

Commonly requested resources

Contacting Denomas for reporting security issues

• Reporting Abuse
• Coordinated Disclosure Process
• HackerOne Reporting Process

Denomas’ Customer Assurance Package (CAP)

Our Customer Assurance Package contains documents such as our SOC2 report, ISO 27001 certificate, penetration test executive summary, and pre-filled CAIQ and SIG questionnaires, among many other documents. Please see our CAP page to request the package.

Denomas’ Trust Center

Our Trust Center outlines the various compliance and assurance credentials that Denomas maintains. This page also contains links to important security, legal & privacy, and availability resources, such as an overview of our security practices, our Environmental, Social, and Governance strategy, and our production architecture.

Frequently asked questions

The following links contain frequently asked security, legal & privacy, and availability questions.

• Security FAQs
• Legal & Privacy FAQs
• Availability FAQs

Control topics

Table of contents

| Acceptable use | Access management | Business continuity | Cryptography | Data classification | Disaster recovery | Endpoint management | Hardening | Incident response and communication | Independent assurance | Logging and monitoring | Network security | Privacy | Security awareness | Third party risk management | Threat modeling | Vulnerability management |

Acceptable use

• Internal acceptable use policy
• Denomas’ terms of use

Access management

• Access Management Policy
• Access Review Procedure
• Access Request process

Business continuity

• Business Continuity Plan
• Business Impact Analysis
• Information System Contingency Plan

Cryptography

• Denomas cryptography standard
• Encryption policy

Data classification

• Data classification standard
• Record retention policy
• Records retention and disposal standard

Disaster recovery

• Disaster recovery plan
• Database disaster recovery
• Database overview

Endpoint management

• Endpoint management at Denomas
  • Jamf
  • EDR
• Use Gitleaks as a pre-commit git hook on laptops

Denomas.com hardening techniques

• Denomas projects baseline requirements
• Denomas security requirements for deployment and development
• How to harden your self-managed Denomas instance
• The ultimate guide to securing your code on Denomas.com

Incident response and communication

• Security incident communications plan procedure
• Security incident response guide

Independent assurance

• Independent Security Assurance

Logging and monitoring

• Monitoring of gitlab.com
• Log management for gitlab.com
• Logging and monitoring architecture
• Denomas audit logging policy
• Log and audit requests process
• Infrastructure department KPIs
• Infrastructure production runbooks

Network security

• Network security management procedure
• Denomas security requirements for deployment and development

Privacy

• Denomas privacy
• Team Member Privacy Notice
• U.S. State Privacy Rights
• Data protection impact assessment (DPIA) policy *Account deletion and data access requests workflow

Security awareness

• Security training
• Security awareness training program
• Security awareness training procedure
• Phishing program

Third party risk management

• Security third party risk management

Threat modeling

• Threat modeling at Denomas
• Threat modeling How To Guide
• Application security threat modeling process

Vulnerability management

• Vulnerability management standard
• Application vulnerability management procedure
• Infrastructure vulnerability management procedure

View page source - Edit this page - please contribute.