The DAM Software Company, Inc. is a Southern California-based technology company specializing in cloud-based B2B digital asset management solutions. Our flagship product, Mediagraph™, is a modern, scalable DAM solution designed for education institutions, non-profits, and businesses of all sizes, offering efficient tools for managing, accessing, and sharing digital assets.
Information Security
Mediagraph encrypts and protects sensitive information across the transformation and analysis process.
- Data in Transit- TLS encryption for all data exchanged.
- Data at Rest – AES 256-bit encryption
- Network Security – Intrusion detection systems and alerts to monitor for real-time threats, including the use of AWS GuardDuty.
Access Management & Authentication
Mediagraph provides full control of access to all hosted information
- Account Authentication: Password and 2FA
- Password Policies: Required strength factors (8 minimum characters), salted and hashed password storage, and password resets.
- Granular Access Control and Review: Role-based access, visibility, and user access rights. Regular access review and analysis.
- Audit and Access Logging: Detailed tracking and audit logging of all activities related to the application environment and administrative activity.
Software Development Practices
Security processes have been fully integrated into Mediagraph development processes. Developers receive training that focuses on OWASP-specific guidelines. In addition, processes are set up to allow for separation of duties and segmentation of platforms with dev, staging, and production.
- OWASP-based security controls design
- Separation between dev, staging, and prod
- Use of test data in a development environment
- Penetration testing
- Code repository controls
- Threat modeling
- Deployment controls
Infrastructure Security
Mediagraph leverages Amazon Web Services (AWS). We utilize hardening practices from the Center for Internet Security (CIS) Benchmarks for the platform configuration. The DAM Software Co. can make all standards, AWS certifications, accreditations, and physical security controls available.
Company Policies and Procedures
The DAM Software Co. security, risk, and compliance processes were developed based on industry best practices and are reviewed and updated on an annual basis or upon any significant change.
- Security Policies and Training – All employees undergo required training upon hire and must recertify annually. Policies include:
- Access Control
- Business Continuity
- Disaster Recovery
- Cryptographic Controls
- Data Management
- Human Resources Security
- Information Security
- Operations Security
- Risk Management
- Third-Party Risk Management
- Platform Security – On-going security activities, including:
- Network intrusion detection
- Code vulnerability scanning
- Penetration testing
- System, network, application log analysis, reporting, and retention
- Incident Response Planning & Team in place to handle any significant security event to triage and respond to establish system resiliency, minimize impact, and protect customer data.
Regular Third-Party Security Review that identifies and evaluates security risks of vendors and third parties.
Standards and Certification
The DAM Software Co. is committed to establishing and maintaining compliance with key information security and regulatory standards, including:
- Service Organization Control (SOC) 2
- CSA Controls Matrix
Mediagraph and third-party certification and verification reports are available for limited distribution and shared under non-disclosure agreements.
Helpful Links
CSA Security Standards - https://cloudsecurityalliance.org/star/
AWS Risk and Compliance - https://aws.amazon.com/compliance/programs/
The DAM Software Co. Privacy Policy - https://www.mediagraph.io/privacy-policy/