ISMS Compliance
CyFun BasicProtect

PR.DS-1: Data-at-rest protection

Data-at-rest is protected

PROTECT | PR.DS-1

Requirement

This control is covered by other elements of the framework; no additional requirements are identified.

Our Implementation

All data at rest is encrypted at the infrastructure level by cloud providers. The primary database (Supabase, hosted on AWS eu-central-1) uses AES-256 encryption for data at rest, with encryption keys managed by AWS Key Management Service (KMS). Other database providers (Turso, Qdrant, Upstash) similarly encrypt stored data using their platform-managed encryption.

Source code repositories on GitHub are stored on encrypted infrastructure. File storage via Supabase Storage uses the same AES-256 encryption as the database layer.

Gaps / Planned improvements:

  • Application-level encryption deferred to provider-managed KMS — risk assessed and accepted per RSK-005 with CTO approval
  • Full-disk encryption not yet verified on all team member devices (NEX-345)

Evidence

Implemented | L2 — Repeatable
