PassportCard-Davidshield Group Trust Center

 

 

Overview

We, as a part of PassportCard-Davidshield Group, are committed to keeping our customers safe and protecting their data with the highest standards. We are also committed to providing them with a highly secure and reliable environment.
PassportCard Labs Ltd., a part of PassportCard-Davidshield Group, provides IT, infrastructure management, user administration, and system and website development services for the companies within the Group.

 

ISO 27001, ISO 27799

 

PassportCard Labs Ltd. (hereinafter: “PassportCard”) is certified according to international standards and industry best practices ISO 27001, ISO 27799

 

See our certification

How do we secure your data?

Application Security

 

PassportCard implements a security-oriented design across multiple layers, including the application layer. The PassportCard application is developed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.

 

Our controlled CI/CD process includes static code analysis, vulnerability assessment, end-to-end testing, and unit testing that addresses authorization aspects and other aspects. PassportCard developers receive periodic security training to stay updated on secure development best practices.

 

Infrastructure Security

 

Another critical layer of security is our infrastructure. We employ multiple defense mechanisms, including:

  • Firewalls for enforcing IP whitelisting and access through permitted ports only to network resources
  • A web application firewall (WAF) for content-based dynamic attack blocking
  • DDoS mitigation and rate limiting
  • IDS/IPS sensors for early attack detection
  • Advanced routing configuration
  • Comprehensive logging of network traffic, both internal and edge

Data Encryption

 

PassportCard ensures the encryption of all data, both in transit and at rest:

  • Traffic is encrypted using TLS 1.3 with a modern cipher suite, supporting TLS 1.2 at minimum.
  • User data is encrypted at rest across our infrastructure using AES-256 or better.
  • Credentials are hashed and salted using a modern hash function.

 

External Security Audits and Penetration Tests

 

Independent third-party assessments are essential for gaining an accurate, unbiased understanding of your security posture. PassportCard conducts annual penetration tests on both the application level and the infrastructure level, performed by reputable independent auditors.

Additionally, PassportCard undergoes external auditing as part of SOX audits, ISO certifications, and other external audits.

 

Supply Chain

 

We are aware of the security risks posed by your suppliers. Each supplier undergoes a risk survey, signs confidentiality agreements, and enters into contracts that include information security requirements. We also conduct periodic supplier surveys for all critical suppliers.

 

 

Physical Security

 

Our physical security measures in our offices include personal identification-based access control, CCTV, and alarm systems. Our data center is also equipped with security measures, CCTV cameras, access control, and an alarm system.

 

Disaster Recovery and Backups

 

PassportCard is committed to providing continuous and uninterrupted service to all its customers. We consistently and continuously backup data. All backups are encrypted and stored in multiple locations.

Our Disaster Recovery Plan undergoes annual testing to assess its effectiveness and to ensure our readiness in case of a service interruption.

Security in Human Resources

PassportCard acknowledges that its security relies on its employees. Therefore, all our employees undergo thorough information security awareness training during onboarding, with additional security training provided on a quarterly basis. Additionally, all employees are required to sign our Acceptable Use Policy.

 

 

Access Control

 

We understand the importance of data privacy and confidentiality. Regular user access reviews are conducted to ensure appropriate permissions are in place, following the need-to-know principle. Employee access rights are promptly updated in case of employment changes.

 

Authentication

 

Customer access to the personal area for self-service or administrator access requires two-factor-authentication (2FA).

For more information, you can contact our CISO (Chief Information Security Officer)

at ciso-q@PassportCard.co.il

World events and “Do Not Travel” advice may affect your policy- please read our Travel Alerts. If you need emergency assistance, contact the 24/7 Global Support team on +61 1800 490 478 (Reverse charge) or on WhatsApp.