Security

Security is infrastructure, not a feature.

Our security practices reflect the environments we operate in. We build for organizations where a breach has real consequences — and our own security posture reflects that same standard.

Secure Development Lifecycle

  • Threat modeling during the architecture phase of every engagement
  • Mandatory code review with security-focused checklist
  • Static application security testing (SAST) in all CI/CD pipelines
  • Dependency scanning and automated vulnerability alerts
  • OWASP Top 10 verification before every production deployment

Encryption Standards

  • TLS 1.3 enforced for all data in transit
  • AES-256 encryption for data at rest
  • Secrets managed via HashiCorp Vault or cloud-native secret managers
  • Database encryption enabled by default on all client environments
  • Certificate rotation and expiry monitoring

Infrastructure Security

  • Zero-trust network architecture for internal systems
  • Principle of least privilege enforced across all IAM configurations
  • Multi-factor authentication required for all privileged access
  • Infrastructure as Code reviewed for security misconfigurations before apply
  • Immutable infrastructure patterns used where possible

Compliance & Standards

  • Engagements scoped to SOC 2 Type II requirements on request
  • ISO 27001 framework alignment available
  • GDPR-compliant data handling practices
  • HIPAA-compatible architecture available for healthcare clients
  • Regular internal security audits and penetration tests

Responsible Disclosure

If you believe you have discovered a security vulnerability in any ATG Concordia system or in a system we manage, please report it to us privately so we can investigate and remediate before any public disclosure.

We commit to acknowledging your report within 24 business hours, keeping you informed of our investigation progress, and crediting you publicly (if you wish) once the vulnerability is resolved.

Report security issues to:

security@atgconcordia.com

Security questions or concerns?

Our security team responds within one business day.

Contact Security Team