Security

Expert Choice Security

At Expert Choice, information security is a priority. We are committed to protecting our clients' data and ensuring the integrity of our systems.

ISO 27001 Certification

We are proud to be certified to ISO/IEC 27001:2022, an international standard that establishes the requirements for an effective information security management system. This certification demonstrates our commitment to confidentiality, integrity and availability of information.
Our certifier is Normalización y Certificación NYCE, S.C., a body accredited under number 02/17 by the Entidad Mexicana de Acreditación A.C. (ema).

Certificate No. 2025CRI-366

  • Date of issue: March 05, 2025
  • Valid until: March 04, 2028
  • Scope: Development and delivery process of SaaS services, as well as the process of collecting, processing, storing and delivering data reports, in accordance with the Statement of Applicability (SoA) ECH-DOC-SoA-V3 dated 02/27/2025.

Secure Infrastructure on AWS

Our technology platform is based on Amazon Web Services (AWS), which holds industry-recognized certifications, such as:

  • PCI DSS level 1
  • ISO 27001
  • FISMA Moderate
  • FedRAMP
  • HIPAA
  • SOC 1

AWS data centers operate in multiple availability zones around the world, ensuring 99.95% availability and a Tier III+ infrastructure.

Communication Security and Authentication

We implement policies and procedures aligned with our Information Security Management System (ISMS) to ensure the confidentiality, integrity and availability of information:

  • Encryption and data protection: We apply encryption mechanisms to protect information in transit and at rest, ensuring secure communications with our customers and suppliers.
  • Authentication and access control: We follow a role- and permission-based model to ensure that only authorized users access our systems and applications.
  • Risk management: We have a proactive approach to identifying, analyzing and addressing information security risks.
  • Incident monitoring and response: We implement incident management and audit procedures to detect and respond to potential threats.
  • Regulatory compliance: Our ISMS encompasses policies and controls based on international standards, ensuring that our practices comply with the best security recommendations.

Security Best Practices

We adopt the best practices in technological security to protect our systems and data:

  • Multi-factor authentication (MFA): We add an extra layer of security by requiring multiple forms of verification before granting access.
  • Regular updates and patches: We keep our systems updated to correct known vulnerabilities.
  • Data encryption: We protect sensitive information by using encryption techniques both at rest and in transit.
  • Network security: We implement traffic segmentation and monitoring measures to prevent unauthorized access and mitigate threats. Our systems continuously analyze network behavior to detect anomalies and respond proactively to possible incidents.
  • Continuous training: We train our staff in secure information handling and cybersecurity practices.
  • Access management: We implement strict policies to ensure that only authorized individuals access sensitive information.

Secure Development

Our development team follows the Open Web Application Security Project (OWASP) guidelines to ensure security in our applications. This includes:

  • Implementation of controls against the OWASP Top 10 vulnerabilities to prevent common attacks such as SQL injection, XSS and authentication failures.
  • Use of secure coding practices to avoid vulnerabilities from the early stage of development.
  • Continuous security testing at each phase of the software development life cycle (SDLC).
  • Code audits and reviews to detect and correct security issues prior to implementation.
  • Implementation of Continuous Integration and Delivery (CI/CD) to ensure test automation and secure deployments.

Commitment to Continuous Improvement

At Expert Choice, we are committed to continually evaluating and improving our security policies and procedures to adapt to emerging threats and ensure the protection of our customers' information.

For transparency, we include our security certificate issued by NYCE as an endorsement of our commitment to security.
