- SOC2 Type 2 and ISO27001 certifications initiated
- Strict implementation of EBA guidelines for essential outsourced services:
- Audit rights for the customer and the regulator
- Open subcontractor list for Marble, subject to the same guidelines and customer’s approval (sub-outsourcing framework agreement)
- Reversibility of the service
- Service Level Agreement
- Monitoring of EBA policies to continue to meet the new standards
- GDPR compliant
- All data hosted in EEU
- Privacy by design
- Authentication: We have Single Sign On (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to Marble’s cloud services and SaaS is protected.
- Password Managers: All company-issued laptops have a password manager in place for team members to manage passwords and maintain password complexity.
- Permissions: Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role.
- Security policy deployed (for travel, out-of-office work, in-office practices, laptop configurations, and encryption)
- Least-privilege access control
- Production account is only accessible by Senior DevOps employees, on a need-to-do basis
- No manual access for ordinary operations
- Minimally scoped permissions for apps running
- Security tests and monitoring (Bandit, GitGuardian, black box testing)
- Third-party penetration testing
We work with independent security consultants to conduct regular penetration tests on all parts of our system.
- Auditability (log trails)
- Up-to-date list of 3rd party services used with production data can be provided on request at any moment
- Current list is:
- AWS (servers located in the EU, with the EBA Financial Services Addendum)
- Cloud-native platform hosted in the EU on AWS
All our services are hosted with Amazon Web Services (AWS) in Europe.
For more information please visit AWS Security.
- Data encryption
Data is encrypted at rest and in transit using state-of-the-art standards.
- Data isolation
- Specific AWS account for production on which only Senior DevOps employees can have access
- Your data is stored on different servers than Marble data and other customers' data