Security

At StellarStack Ltd, we treat the security of our clients’ data, infrastructure, and intellectual property with the utmost seriousness. Our security practices are designed to safeguard information against unauthorized access, disclosure, alteration, or destruction, while maintaining confidentiality, integrity, and availability across all services.

Purpose and Scope

This Security Policy outlines StellarStack’s approach to information security management and applies to all employees, contractors, vendors, partners, and systems that access or handle StellarStack’s data, services, and infrastructure.
Our security framework is aligned with globally recognized standards and best practices, including:

  • ISO/IEC 27001:2022 (Information Security Management Systems)
  • NIST Cybersecurity Framework (CSF)
  • GDPR and other applicable data protection laws

Information Security Governance

StellarStack has established a dedicated Information Security Management Program (ISMP) responsible for defining, implementing, and maintaining the company’s security policies, standards, and procedures.
The ISMP ensures:

  • Continuous risk assessment and management
  • Regular audits and compliance reviews
  • Clear security roles and responsibilities
  • Periodic policy updates and employee training

Data Protection and Privacy

We employ multiple layers of protection to safeguard customer data, including:

  • Data Encryption: All data in transit and at rest is encrypted using industry-standard protocols and algorithms such as TLS 1.2+ and AES-256.
  • Access Control: Role-based access control (RBAC) and least-privilege principles govern access to all systems and data.
  • Data Minimization: Only necessary information is collected and retained for legitimate business purposes.
  • Data Backup: Regular automated backups ensure data integrity and quick restoration in case of incidents.

Network and Infrastructure Security

StellarStack’s infrastructure is secured through a defense-in-depth approach, including:

  • Firewalls, intrusion detection/prevention systems (IDS/IPS), and DDoS mitigation
  • Continuous monitoring and automated alerting for anomalies
  • Segregated environments for development, staging, and production
  • Secure configuration management and vulnerability scanning

Application and Software Security

Security is integrated into the entire software development lifecycle (SDLC). Our engineering teams follow:

  • Secure Coding Practices guided by the OWASP Top 10
  • Code Review and Static/Dynamic Analysis before deployment
  • Dependency Management with regular patching and updates
  • Penetration Testing by independent security specialists at defined intervals

Access Management

Access to systems and data is strictly controlled:

  • Multi-Factor Authentication (MFA) is mandatory for all administrative and cloud accounts
  • Access rights are reviewed quarterly
  • Access is revoked immediately for offboarded users
  • Secure password management and rotation policies

Incident Response and Reporting

In the event of a security incident, StellarStack follows a structured Incident Response Plan (IRP) consisting of:

  • Identification – Detecting and verifying the incident
  • Containment – Limiting impact and isolating affected systems
  • Eradication – Removing threats and vulnerabilities
  • Recovery – Restoring operations securely
  • Post-Incident Review – Analyzing root causes and implementing improvements

All incidents are logged, monitored, and escalated to appropriate teams within defined SLAs.

Third-Party and Vendor Security

We ensure that all third-party vendors, partners, and service providers handling our data comply with equivalent or higher security standards. Vendor risk assessments are conducted prior to onboarding and reviewed annually.

Physical Security

Access to data centers and office facilities is restricted through:

  • Biometric and RFID access systems
  • CCTV surveillance and 24/7 monitoring
  • Visitor logs and escort policies
  • Secure disposal of hardware and storage media

Compliance and Auditing

StellarStack conducts regular internal and external audits to ensure compliance with this policy and applicable regulations. We maintain transparency with clients regarding compliance certifications, audit results, and security controls upon request.

Employee Awareness and Training

All employees undergo security awareness training during onboarding and annually thereafter. Specialized training is provided to personnel managing sensitive systems or data.

Policy Review and Updates

This Security Policy is reviewed annually or upon significant changes to technology, regulations, or business operations. Updates will be published on our website and communicated to relevant stakeholders.

Contact Information

For any questions, concerns, or security-related inquiries, please contact:
StellarStack Ltd

Kingsway #2600-4720, Burnaby, BC V5H 4N2, Canada

📞 +1 778 227 0782
🌐 www.stellarstack.co
📧 security@stellarstack.co