What security measures do you apply?


Last updated 1 year ago


Hosting

We host multiple clients on a single standalone environment hosted on AWS through a single RESTful API. AWS employs a robust security program with multiple certifications including ISO 27001, ISO 27017, ISO 27018, ISO 27701, SOC 1, SOC 2, SOC 3, PCI DSS.

The system that hosts Screena is based on an ARM Linux system. All hard drives are encrypted.

We use Amazon API Gateway and Amazon Load Balancer with WAF to distribute the requests and protect the system from DDoS attacks.

The production operating systems are updated on a daily basis for security updates.

To learn how we ensure High Availability, check the answer to this question: How do you handle High Availability?

Code

All the code produced for the core application and associated services adheres to the OWASP guidelines and recommendations to prevent common security issues such as cross-site scripting (XSS) or SQL injections. Every code change is committed, signed, and tracked in a versioning system.

During the development phase of the application, an automated security audit is run using GitLab and Sonar tools, and reviewed before each release.

Access

To use the Screena API, an API key is mandatory. We provide one API key, unique to each client, on a one-off basis. The API key is used to authenticate requests for usage and billing purposes. Each API request shall always be associated with an API key.

Multiple logging systems are in place to detect unauthorized access to the system. We use the regular logging from Amazon CloudTrail, CloudWatch, but also internally within the application where each API request is logged.

No administration URL is exposed externally. Administration URLs are only accessible from the internal network.

We performed an independent third-party penetration test on November 13th, 2023 to assess the security posture of our services.

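You can read the executive summary of the Screena penetration test conducted by Luxembourg-based IT security company STIDIA: 2023-12-05 - Stidia S.A. - Executive Summary of Screena Penetration Test.pdf (PDF, 473KB)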

Data

Data is kept anonymous at all times as we encrypt data in transit, in compliance with AES-256 SHA 512.

We don’t store or keep customers’ personal data sent through the Screena search endpoint. We only log and count the number of API requests executed monthly for billing purposes.
