Overcyte's Security Policy

Last updated: 31 March 2025

Trust & Security at Overcyte

Our Philosophy on Security

At Overcyte, we recognise that the adoption of cloud-native solutions brings both enhanced capabilities and new security challenges. Our mission is to deliver a cyber resilience platform that our customers can trust implicitly. Security is not an afterthought; it is a foundational element woven into every aspect of our operations, from product design to daily practices.

We employ a risk-based approach to our Information Security Management System (ISMS), focusing on identifying, assessing, and mitigating vulnerabilities and threats to our information assets. This proactive stance ensures the confidentiality, integrity, and availability of data entrusted to us.

Secure by Design

Security is embedded into every layer of our platform:

• Application Architecture: Our applications are designed with multi-tenancy isolation, ensuring that customer data is segregated and protected.

• Infrastructure: We utilise containerised environments and serverless functions to minimise attack surfaces and enhance scalability.

• Data Storage: All data is encrypted at rest and in transit using industry-standard encryption protocols. Every customer has a dedicated database.

• Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced across all systems.

Data Protection and Privacy

We are committed to safeguarding customer data:

• Data Minimisation: We collect only the data necessary to provide our services, adhering to the principle of least privilege.

• Data Retention: Data is retained in accordance with defined lifecycle policies and is securely deleted upon request or at the end of its retention period.

• Privacy Compliance: Our practices align with global privacy regulations, ensuring transparency and control over personal data.

• Data Storage Location: During our onboarding process, customers can choose to store their data in one of the following locations: AU, UK, or USA.

Access Management

Access to systems and data is tightly controlled:

• Provisioning: Access is granted based on job responsibilities, following a strict approval process.

• Monitoring: All access is logged and monitored for anomalous activities.

• Review: Regular reviews are conducted to verify appropriate access levels and to revoke unnecessary permissions.

Continuous Monitoring and Incident Response

Our proactive monitoring and incident response capabilities include:

• Real-Time Monitoring: Our cloud hosting partners provide continuous surveillance of systems to detect and respond to threats promptly.

• Incident Response Plan: A well-defined plan that outlines procedures for containment, eradication, and recovery from security incidents.

• Post-Incident Analysis: Thorough investigations are conducted to understand root causes and to implement improvements.

Secure Development Practices

Our development lifecycle incorporates security at every stage:

• Code Reviews: All code undergoes rigorous peer reviews to identify potential security issues.

• Automated Testing: Security testing is integrated into our CI/CD pipelines to detect vulnerabilities early.

• Dependency Management: We monitor and update third-party libraries to mitigate risks from known vulnerabilities.

Business Continuity and Disaster Recovery

We ensure service resilience through:

• Redundancy: Our cloud providers utilise systems that are designed with redundancy to prevent single points of failure.

• Backups: Point-in-time backups of customer data are performed as transactions are committed, and the restoration of these backups is tested to ensure data integrity and availability.

• Disaster Recovery Plan: Our cloud service providers maintain a comprehensive plan to restore services promptly in the event of a disruption.

Compliance and Certifications

Overcyte adheres to industry standards and undergoes regular audits, including penetration testing, to validate its security posture. We are committed to maintaining compliance with relevant regulations and frameworks to provide assurance to our customers.

Vulnerability Disclosure

We value the security community's contributions to identifying potential vulnerabilities. If you discover a security issue, please report it to us via email at security@overcyte.com.

We are committed to investigating and addressing reported issues promptly.

Data Processing Agreement and Penetration Testing Reports

After signing a non-disclosure agreement, a complete Data Processing Agreement and Penetration Testing report can be made available upon request.

This Security Policy was last updated 31 March 2025.
