Skip to main content
Security

Security Practices

Our commitment to protecting your data and maintaining secure systems

Security is fundamental to everything we do at 291 Group. With backgrounds in defence and signals intelligence, we understand that security isn't just a feature—it's a requirement. We apply defence-grade security practices to all our systems and services.

Our Security Approach

Security is built into our systems from the ground up, not bolted on as an afterthought. We follow security-by-design principles and implement defence-in-depth strategies across all layers of our infrastructure and applications.

Infrastructure Security

Network Security

  • Network segmentation and isolation
  • Firewall protection and intrusion detection systems
  • Virtual Private Networks (VPN) for secure remote access
  • DDoS protection and mitigation
  • Regular network security assessments and penetration testing

Server & System Security

  • Hardened operating systems and minimal attack surfaces
  • Automated security patch management
  • System monitoring and logging
  • Configuration management and compliance scanning
  • Regular vulnerability assessments

Data Security

Encryption

  • Data in Transit: TLS 1.3 encryption for all data transmission
  • Data at Rest: AES-256 encryption for stored data
  • Database Encryption: Encrypted databases with secure key management
  • Backup Encryption: Encrypted backups with secure off-site storage

Data Protection

  • Role-based access control (RBAC)
  • Principle of least privilege enforcement
  • Data classification and handling procedures
  • Secure data deletion and sanitization
  • Regular data backup and recovery testing
  • Geographic data residency controls

Application Security

Secure Development

  • Secure Software Development Lifecycle (SSDLC)
  • Code review and static analysis
  • Dependency vulnerability scanning
  • Security testing integration in CI/CD pipelines
  • OWASP Top 10 protection measures

Authentication & Authorization

  • Multi-factor authentication (MFA)
  • Strong password policies
  • Session management and timeout controls
  • OAuth 2.0 and OpenID Connect support
  • API authentication and rate limiting

Operational Security

Monitoring & Detection

  • 24/7 security monitoring and alerting
  • Intrusion detection and prevention systems (IDS/IPS)
  • Security Information and Event Management (SIEM)
  • Anomaly detection and behavioural analysis
  • Comprehensive audit logging

Incident Response

  • Documented incident response procedures
  • Defined escalation paths and communication protocols
  • Regular incident response drills and tabletop exercises
  • Post-incident analysis and remediation
  • Forensic capabilities for investigation

Physical Security

  • Secure data center facilities with 24/7 monitoring
  • Multi-factor physical access controls
  • Environmental controls and redundancy
  • Secure hardware disposal procedures
  • Canadian data residency options

Compliance & Standards

We align our security practices with industry-recognised standards and frameworks:

  • NIST Cybersecurity Framework
  • ITSG-33 Security Controls (Government of Canada)
  • ISO 27001 principles and best practices
  • OWASP Application Security Verification Standard (ASVS)
  • CIS Critical Security Controls
  • PIPEDA compliance for privacy protection

Personnel Security

Background Checks

  • Security clearance verification for defence projects
  • Background screening for all personnel
  • Ongoing security awareness and vetting

Training & Awareness

  • Security awareness training for all staff
  • Secure coding training for developers
  • Phishing and social engineering awareness
  • Regular security updates and briefings
  • Incident response training and exercises

Third-Party Security

  • Vendor security assessments and due diligence
  • Contractual security requirements
  • Regular vendor security reviews
  • Supply chain risk management
  • Open-source dependency monitoring

Continuous Improvement

Security is not a one-time effort. We continuously improve our security posture through:

  • Regular security assessments and penetration testing
  • Vulnerability management programs
  • Security metrics and KPI tracking
  • Threat intelligence monitoring
  • Lessons learned from security incidents
  • Industry best practice adoption

Reporting Security Issues

We take security vulnerabilities seriously. If you discover a security issue in any of our systems or services, please report it to us responsibly.

Security by Design

With backgrounds in signals intelligence and electronic protection, our team understands security from both offensive and defensive perspectives. We build systems that:

  • Assume breach and implement defence-in-depth
  • Minimise attack surfaces through design
  • Fail securely with appropriate error handling
  • Log and monitor all security-relevant events
  • Support security analysis and forensics

Privacy Policy Terms of Service