Security Standards

Independent standards. Verifiable controls.

Our Cyber Security Approach

At Assai, enterprise SaaS security is foundational to how we design, build, and operate our platform.

We support organizations in high-stakes, asset-intensive industries where the confidentiality, integrity, and availability of engineering data are critical. Any disruption can have serious operational and safety consequences, and our security practices are designed with that reality in mind.

How We Protect Critical Engineering Data

Dedicated Cyber Security Governance

Assai maintains a dedicated Cyber Security Team responsible for protecting our platform, infrastructure, and customer data across the full system lifecycle.

This team oversees:

  • Threat prevention and detection
  • Security monitoring and incident response
  • Secure system operations
  • Ongoing risk

Our approach ensures security is continuously managed, not treated as a one-time activity.

Core Security Measures

Independent Security Assessments

Assai undergoes regular penetration testing performed by external specialists to identify and mitigate potential vulnerabilities.

Summaries of penetration testing activities are available upon request, supporting transparency and accountability.

Resilience and Availability

To ensure platform reliability and business continuity, we implement:

  • Disaster Recovery (DR) testing for system resilience
  • Continuous monitoring to detect and respond to threats in real time
  • Secure data management across the full data lifecycle

These practices help ensure systems remain operational even under adverse conditions.

Infrastructure Protection

Assai uses Cloudflare to provide network- and application-level security and performance protection.

This includes:

  • DDoS protection to mitigate large-scale attacks
  • Web Application Firewall (WAF) to protect against common web threats

These controls strengthen perimeter security and improve overall platform resilience. Together, they help ensure the security, resilience, and availability of critical engineering data.

Secure Software Development

Security is embedded throughout our Software Development Lifecycle (SDLC).

We follow the Microsoft Secure Development Lifecycle (SDL) methodology, integrating security controls across all development phases:

Planning

Security objectives and requirements are defined early.

Design

Threat modeling is performed to identify and mitigate risks.

Implementation

Secure coding practices are applied consistently.

Testing

Security testing is performed to identify and address vulnerabilities.

Deployment

Security controls are validated before production release.

Maintenance

Continuous monitoring and vulnerability management are applied.

How We Validate Security in Practice

Across the software development lifecycle, we apply structured security checks to identify and reduce risk before release and during operation. This includes threat modeling, secure code review, and application security testing methods such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), supported by continuous monitoring and vulnerability management.

Identity and Access Security

Two-Factor Authentication (2FA)

Assai supports Two-Factor Authentication (2FA) to provide an additional layer of protection for user access.

Combined with role-based access controls, 2FA helps ensure that only authorized users can access sensitive resources.

Single Sign-On (SSO) and SAML

Assai supports Single Sign-On (SSO) using the SAML protocol.

This enables organizations to integrate Assai with their existing identity providers, allowing:

  • Centralized user management
  • Secure authentication
  • A seamless login experience

Industry Engagement

Assai actively participates in industry initiatives and organizations to stay aligned with best practices in engineering, information management, and digital security.