Controls

At Turn it Off, we prioritize the security and integrity of our clients' infrastructure. Our FinOps tool is built with robust controls to ensure secure operations while strictly adhering to the principle of least privilege.

Access Management

AWS Integration

  • IAM Roles with Custom Policies: We connect to AWS environments using IAM roles that have custom read-only and action-specific policies. This approach grants us the minimal necessary permissions to perform our functions without overstepping access boundaries.

Azure Integration

  • Service Principals with Contributor Access: For Azure platforms, we use service principals with Contributor-level access. This allows us to manage resources efficiently while maintaining strict access controls.

Data Access Controls

  • Infrastructure-Level Operations Only: Our tool operates solely at the infrastructure level. We do not access, retrieve, or interact with data stored within databases or any customer-specific data repositories. This ensures that sensitive data remains confidential and untouched.

Security Framework Alignment

We have implemented comprehensive controls aligned with the ISO 27001 standard to uphold the highest security practices.

Implemented Controls:

  • Risk Management: Regular risk assessments to identify and mitigate potential security threats.

  • Access Control Policies: Strict policies that enforce the principle of least privilege, ensuring users have only the access necessary for their roles.

  • Security Training: Ongoing training programs to keep our team informed about the latest security protocols and best practices.

  • Incident Response Plan: A detailed plan to promptly address and resolve any security incidents.

  • Continuous Improvement: Regular reviews and updates of our security policies and procedures to adapt to evolving threats.

Operational Security Measures

  • Secure Development Lifecycle (SDLC): Security is integrated at every stage of our software development process, including code reviews and vulnerability assessments.

  • Encryption: We employ industry-standard encryption methods for data in transit and, where applicable, data at rest.

  • Monitoring and Logging: Continuous system monitoring and detailed logging are in place to swiftly detect and respond to unusual activity.

  • Compliance Checks: Routine audits are conducted to ensure adherence to security policies and to identify areas for enhancement.


By implementing these controls, we strive to provide a secure and reliable service that our clients can trust. Our commitment to security is unwavering, and we continuously work to enhance our practices in line with industry standards.
