Trust & Security

Security

Security is not a feature — it's the foundation of everything we build. Here's how we protect your data.

Last updated: February 1, 2026

Security Architecture

ShipyardPro implements a defense-in-depth security strategy with multiple layers of protection. Our architecture is designed to protect sensitive shipyard operational data, financial records, and personnel information against both external and internal threats.

Encryption at Rest & Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Database backups are also encrypted.

Authentication & Access Control

Role-based access control (RBAC), multi-factor authentication (MFA), and session management with HttpOnly cookies.

Infrastructure Security

Hosted on enterprise-grade cloud infrastructure with DDoS protection, WAF, and network segmentation.

Monitoring & Detection

24/7 real-time monitoring, intrusion detection systems (IDS), and automated anomaly alerting.

Compliance & Certifications

ISO 27001 aligned practices, SOC 2 Type II audit readiness, and GDPR compliance.

Incident Response

Documented incident response plan with defined roles, escalation procedures, and post-mortem analysis.

Security Practices

  • Regular penetration testing by independent security firms
  • Automated vulnerability scanning of all dependencies
  • Code review requirements for all production deployments
  • Quarterly security awareness training for employees
  • Background checks for all team members with data access
  • Principle of least privilege for all internal systems
  • Automated secret detection in CI/CD pipelines
  • Regular disaster recovery and backup restoration drills

Data Isolation

Each customer's data is logically isolated at the database level. Tenant identification is enforced on every API request to prevent cross-tenant data access, which protects against insecure direct object references (IDOR). Users cannot access data from other organizations by manipulating URLs, API calls, or request parameters.

Vulnerability Disclosure

We operate a responsible disclosure program. If you discover a security vulnerability in ShipyardPro, please report it to security@shipyardpro.com. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours. We do not pursue legal action against researchers acting in good faith.

Compliance

ShipyardPro maintains compliance with industry security standards and regulations:

  • ISO 27001 — Information Security Management System (aligned)
  • SOC 2 Type II — Audit readiness for security, availability, and confidentiality
  • GDPR — Full compliance with EU data protection regulations
  • OWASP Top 10 — All development follows OWASP secure coding guidelines

Security Questions?

Our security team is available to answer questions and provide additional documentation for enterprise evaluations.
