All CAD files, test reports, and order records are encrypted using AES-256. Data in transit uses TLS 1.3. Access logs are retained for 90 days.
Engineering, production, and admin roles have separate permissions. No shared credentials. MFA enforced for all remote logins to the ERP and PLM systems.
Our IR team follows a documented playbook: detection within 15 minutes, containment within 1 hour, and root-cause report within 24 hours. Drills run quarterly.
Payment processing is handled by a PCI-DSS Level 1 provider. No card data touches our servers. Invoices are generated from a segregated billing environment.
Production floor networks are physically separated from office LAN. SCADA and test rigs operate on isolated VLANs with strict egress filtering and no internet access.
Weekly external and internal scans cover all public-facing services and internal hosts. Critical findings are patched within 48 hours. Reports are reviewed by the security lead.
Annual SOC 2 Type II audit and penetration test by an independent firm. Results are shared with key clients under NDA. Remediation plans are tracked in Jira.
For details on our data handling practices, refer to our policy page or contact info@schmoozinelli.com.