Ansell is committed to providing security and protecting the integrity of your data. We, and any third-party vendor that develops software for us, adopt best practices and industry standards such as the Secure Software Development Framework (SSDF), PCI DSS, and ISO 27001 (we are in the process of gaining certification, with a target date of 10/31/2023).
Through compliance with these general security and privacy frameworks, your data is secured and protected from various types of vulnerabilities and risks.
We host our software on Microsoft Azure and Amazon Web Services (AWS) cloud infrastructure that has been designed to be ISO 27001 and SOC 2 compliant.
Our hosting services feature stringent security requirements including:
Ansell minimizes risks associated with supply chain vendors by performing regular security assessments and continuous monitoring of all vendors.
We have a globally distributed Security Team to respond to security alerts and events. Our network security architecture consists of multiple security zones and is protected through the use of NGFW, IDS/IPS, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.
We use password strength requirements, mandatory Multi-Factor Authentication (MFA) and Conditional Access Policies to keep identities secure and protected.
Ansell databases and backups are encrypted. Strong end-to-end TLS encryption protects customer data wherever it is transferred. We maintain local and cloud immutable backups and perform regular Disaster Recovery (DR) tests.
Our engineers receive vendor-organized technology training to keep up to date with best security practices.
Ansell personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all personnel are trained to participate in helping secure our customer data and company assets.
The Security team provides additional security awareness updates via email, blog posts, and in presentations during internal events.
We utilize vulnerability management security tools to continuously scan our applications against web application risks, including, but not limited to, the OWASP Top 10 security risks. We maintain a dedicated security team to test and work with engineering teams to remediate any discovered issues.
For additional security and auditing measures, we also employ third-party security experts to perform detailed penetration tests on our network and different web applications.
Security researchers can refer to our Vulnerability Disclosure Policy.