Information Security Policy

The information security management system of UAB “Gorampa” covers the company's software solutions for managing supply chain processes. GoRamp is dedicated to empowering businesses with robust, cloud-based management solutions that meet the specific needs of modern supply chains.

To help deliver on our mission, we have developed and deployed a comprehensive yet pragmatic information security management system, which complies with all applicable legal and regulatory requirements and with the ISO/IEC 27001:2022 standard.

UAB “Gorampa” has an obligation to its customers, employees, suppliers, and service providers to protect the confidentiality, integrity, and availability of information assets.

Meeting these high standards is the responsibility of all UAB “Gorampa” employees. We have a shared commitment to the effective operation of the information security management system, and to the achievement of this Policy and the objectives derived from it.

Does the solution provider keep an audit trail of which users performed what actions and when (for a cloud solution, is the audit report signed)?

Yes

How are backups and restores performed? Are these backups stored offsite?

Important data is backed up every hour, every day, and an additional backup is taken once every 7 days, using AWS tools; the backups are stored in the AWS cloud.

Does the solution provider encrypt all data transmissions, including all server-to-server data transmissions, or data at rest within data centers?

All server-to-server and client-to-server data transmissions are encrypted with SSL/TLS.

How does the provider separate each client’s data?

As a cloud solution, we rely on AWS to protect against unauthorized physical access to data. Logical access is protected by user identification with a strong password policy, and can additionally be protected with two-factor authentication.

Which types of cyber threats are mitigated by the use of a second factor?

Phishing, brute-force attacks, stolen passwords, some social engineering attacks, keylogging, credential stuffing, and man-in-the-middle credential theft.

Which security tasks are carried out by the provider, which types of security incidents are mitigated by the provider, and which tasks and incidents remain the responsibility of the customer?

The customer is responsible only for internal policy, such as using strong passwords and enabling two-factor authentication for all users.

How does the provider ensure that its personnel work securely?

We use internal security and NDA policies.

Has your company ever been the victim of a distributed denial of service attack (DDoS), and if so, how did your company respond?

Our infrastructure is protected by AWS Shield Standard as part of a DDoS-resilient architecture covering both web and non-web applications.

Has your company ever experienced unauthorized access to customer data?

No

Does the solution permit the segregation of the application and database on different servers, or do they have to be on the same server?

The application and database run on different servers. Our infrastructure is organized on microservice principles: microservices allow a large application to be separated into smaller independent parts, each with its own area of responsibility and its own permissions.

Which authentication mechanism is used (e.g. Salted Challenge Response Authentication Mechanism…)?

Salted Challenge Response Authentication Mechanism

Which algorithm is used to store the password in the database?

Bcrypt and Argon2 hashing for storing user passwords.
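As an added illustration (not GoRamp's own code), the following PHP snippet shows how an application can store new passwords with Argon2id while still verifying existing bcrypt hashes and transparently upgrading them on the next successful login. It assumes PHP 7.3 or later built with Argon2 support; the user-table update is a hypothetical placeholder.

```php
<?php
// Added example, not GoRamp's code: store with Argon2id, accept legacy bcrypt,
// and re-hash bcrypt rows to Argon2id after a successful verification.
// Assumes PHP >= 7.3 compiled with libargon2 (PASSWORD_ARGON2ID available).

const HASH_ALGO = PASSWORD_ARGON2ID;
// 64 MiB memory, 3 passes, 1 lane: tune to the login endpoint's capacity.
const HASH_OPTS = ['memory_cost' => 65536, 'time_cost' => 3, 'threads' => 1];

function hashPassword(string $password): string
{
    // password_hash() generates a random salt and embeds it in the result.
    return password_hash($password, HASH_ALGO, HASH_OPTS);
}

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the stored
// hash should be replaced: a legacy bcrypt hash, or Argon2id with weaker
// parameters than HASH_OPTS. password_verify() reads the algorithm from the
// stored hash itself, so bcrypt and Argon2id rows can coexist in one table.
function verifyAndMaybeRehash(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    if (password_needs_rehash($storedHash, HASH_ALGO, HASH_OPTS)) {
        return [true, hashPassword($password)];
    }
    return [true, null];
}

// Constructed sample: a row that was hashed with bcrypt before the migration.
$legacyHash = password_hash('correct horse battery', PASSWORD_BCRYPT);

[$ok, $upgraded] = verifyAndMaybeRehash('correct horse battery', $legacyHash);
echo $ok ? "login ok\n" : "login failed\n";
if ($upgraded !== null) {
    // Hypothetical persistence step, e.g.
    // UPDATE users SET password_hash = :hash WHERE id = :id
    echo 'upgraded to ' . password_get_info($upgraded)['algoName'] . "\n";
}

[$ok, $upgraded] = verifyAndMaybeRehash('wrong password', $legacyHash);
echo $ok ? "unexpected\n" : "wrong password rejected, no rehash\n";
```

Because bcrypt only uses the first 72 bytes of the input, the rehash step also removes that limitation for migrated accounts once they log in again.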

What software technologies and service vendors are used?

Nginx, PHP, MySQL, Redis

Is data encrypted?

Yes, data is encrypted in transit, at rest and in backups (AES-256).

Does GoRamp have a data retention policy?

Yes; please see the General Terms & Conditions (T&C).