At Assai, we strive for security and compliance to align with excellence in engineering tailored for the energy sector. We recognise that the energy sector operates in a high-stakes environment, where any disruption can lead to serious consequences.
Ensuring the security and integrity of your full life cycle engineering projects and operations is our top priority. That’s why we’ve established a dedicated Cyber Security Team committed to protecting your projects from potential disruptions. Whether it’s defending against cyber threats, preventing system failures, or ensuring compliance, we’re dedicated to safeguarding your projects every step of the way.
We adhere to the highest standards of security, ensuring the confidentiality, integrity, and availability of your data.
Our commitment to security goes beyond certifications. We undergo rigorous penetration testing annually to identify and mitigate potential vulnerabilities proactively.
Rest assured, a summary of our pen testing reports are readily available upon request, demonstrating our commitment to transparency and accountability.
Managing compliance requirements in the energy sector can be complex. Here’s how we simplify the process for you:
We’re proud to partner with Cloudflare, a global leader in web security and performance. Together, we provide an additional layer of protection for your projects, leveraging Cloudfare’s advanced technology, including:
At Assai, security is a top priority. This starts right from the software development process, where we implement security by design. This means we integrate security throughout all phases of the Software Development Lifecycle (SDLC).
We achieve this by using the Microsoft SDLC methodology, which provides a structured approach to developing secure software.
In this phase, we define the security objectives for the software.
We design the software with security in mind, considering potential threats and vulnerabilities. This includes conducting threat modeling to proactively identify and mitigate security risks.
We implement the software according to the security requirements established in the design phase.
We thoroughly test the software for security vulnerabilities, utilizing both SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools, alongside threat modeling techniques.
– SAST: Analyzes the source code to identify potential vulnerabilities early in the development process.
– DAST: Tests the running application to discover vulnerabilities that might be exploitable during operation.
The software is released into production.
We continuously monitor the software for security vulnerabilities and weaknesses.
In our dedication to protecting your valuable documents and data, we have implemented Two-Factor Authentication (2FA) as part of our comprehensive security measures. This extra layer of security is pivotal, particularly in environments with diverse job roles and a large user ecosystem. Alongside role-based access, 2FA significantly fortifies the security of your Assai environment by ensuring that only authorized individuals have access to the appropriate resources.
At the core of our platform’s design is the assurance of seamless and secure access, made possible through the implementation of Single Sign-On (SSO) technology and the Security Assertion Markup Language (SAML) protocol.
With our SAML integration option, users can effortlessly access our platform using their existing credentials from third-party user repositories, simplifying the authentication process while maintaining stringent security measures. Once authenticated, users seamlessly log in to the Assai system with their SAML user ID, creating a unified and intuitive user experience shared between Assai and the Identity Provider (IdP).
