Why We Care
Services should be designed and developed to identify and mitigate threats to their security. Those which aren't may be vulnerable to security issues which could compromise your data, cause loss of service or enable other malicious activity.
How We Show It
Isolated Environments
edison365 software is developed in house. All software is developed on isolated development environments. edison365 developers create new branches for changes they are working on; this includes new features and improvements to existing features. Once the changes have been completed and successfully tested on the developer's local environment, a pull request (PR) is initiated. This is used to trigger the next step in the process.
Testing Changes
After the PR is submitted, team members will review, provide feedback, and approve or reject the changes as needed. Once the PR is approved, this triggers the automated process to merge the change into the primary branch. As part of this process, the code is analyzed by SonarCloud for security, bugs, and best practice recommendations that might not have been caught in the manual PR review. If any issues are identified, the developer addresses the recommendations to ensure the smooth progression of the pipeline process.
Packages used in the code base are also analyzed for vulnerabilities using Mend Bolt. Once these tests are successfully completed, the update is then available on the Internal Development Environment builds, where the QA team performs testing. After the tests are successfully completed on the Development environment, a PR is created to merge these changes into the Staging environment, and the same code analysis is run again in the pipeline.
Regression Testing
Once successfully completed and updated on the Staging environment, the QA team carry out regression testing. This includes testing the software to ensure that all previous functionalities are still working as expected and that no new bugs have been introduced. The team also verifies that the security measures implemented during development have been maintained so that the software remains resilient against potential threats.
Production Release
After successful regression testing, the final PR is created to merge this change into the customer-facing Production environment. Again, the same code analysis is run with this final PR. At each stage, the builds and releases are managed by the pipeline with no manual or human interaction, giving a repeatable process that provides assurance of consistency and security. This rigorous testing process helps to guarantee the stability and security of the software before it is deployed to you.
Why You Can Trust Us
We go through a top-to-bottom, intensive auditing process every year to make sure we measure up to industry standards and best practices as set by the International Organization for Standardization (ISO).
We have several ISO certificates which you can read more about here, but here's a preview:
- ISO 27001 - Information Security Management Systems
We also have yearly third-party penetration testing which you can read more about in the Vulnerability section of the Technical Docs.