Security is at the heart of what we do—helping our customers improve their security and compliance posture starts with our own.
UNIS engages with one of the best penetration testing consulting firms in the industry at least annually. All areas of the UNIS product and cloud infrastructure are in-scope for these assessments, and source code is fully available to the testers in order to maximize the effectiveness and coverage.
We make summary penetration test reports available via our Trust Report.
UNIS requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC):
Software composition analysis (SCA) to identify known vulnerabilities in our software supply chain
It's crucial that our control implementation follows an iterative approach, consistently evolving to enhance effectiveness, boost auditability, and minimize operational friction.
Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege. This approach significantly reduces the risk of unauthorized access to sensitive information and limits malicious actions.
Security controls should be implemented and layered according to the principle of defense-in-depth. This method ensures that if one control fails, additional layers are in place to mitigate any potential threats.
Security controls should be applied consistently across all areas of the enterprise. This holistic approach ensures that security measures are uniformly enforced, leaving no part of the organization disproportionately vulnerable to cyber threats.
All customer data is encrypted at rest, including S3 buckets. Sensitive collections also use row-level encryption, so that data is encrypted before it reaches the database.
UNIS employs TLS 1.2+ for data transmission over insecure networks, using HSTS for added security. AWS manages server TLS keys and certificates via Load Balancers.
AWS Key Management System (KMS) manages encryption keys in Hardware Security Modules (HSMs), preventing access by any individuals, including employees of Amazon and UNIS.
UNIS uses Tailscale VPN for secure remote access and malware-blocking DNS servers to protect employees during internet browsing.
UNIS offers security training during onboarding and annually, including live sessions for new hires and engineers on key principles and secure coding.
UNIS employees receive application access based on their role and are automatically deprovisioned upon termination, with further access requiring approval per application policies.
All company devices are centrally managed with MDM software and anti-malware, ensuring secure configurations and 24/7 threat monitoring.