# Data Security at Rest and in Transit

<details>

<summary>Do we have a procedure regulating the encryption of data at rest and in transit?</summary>

Yes, according to the implemented policy PBI - 04 Annex 02 Procedure for Managing Security and Cryptographic Keys. Data in transit is encrypted using the SSL protocol. Long-term data storage in the form of backups is fully encrypted. Operational data is not encrypted for optimization reasons.

</details>

<details>

<summary>Are access to data and actions resulting in changes to production environments recorded/logged?</summary>

Yes.

</details>

<details>

<summary>Is the development and testing of IT systems/applications conducted exclusively outside of the production environment?</summary>

Yes.

</details>

<details>

<summary>Is there segregation/separation of the production environment from development, testing, and acceptance environments?</summary>

Yes.

</details>

<details>

<summary>Are solutions such as automated (static) code review/analysis, dynamic code analysis, vulnerability scanning, penetration testing, and peer code review used for software security testing?</summary>

Yes.

</details>

<details>

<summary>Is there control over the source code developed by or for the Provider?</summary>

Yes.

The code is developed internally.

</details>

<details>

<summary>Is the source code and related elements stored in a controlled central source library?</summary>

Yes.

</details>

<details>

<summary>Is the source code and related elements not located in the production environment?</summary>

Yes.

The source code is stored in an independent environment.

</details>

<details>

<summary>Do we regularly perform penetration tests? How frequently?</summary>

Yes. Vercom conducts penetration tests according to the document 'Vercom Vulnerability Management Process.' We perform cyclic penetration tests of our application annually internally by our Pentester, and at least once every two years by an external auditing company (alternating between internal and external tests). The test plan is determined by the test coordinator in consultation with project directors and the CTO. A detailed test plan is established each time based on the suggested schedule.

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.emaillabs.io/en/faq/emaillabs-safety-center/data-security-at-rest-and-in-transit.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.