ISMS Compliance
CyFun BasicProtect

PR.PT-4: Communications protection

Communications and control networks are protected

PROTECT · PR.PT-4

Requirement

Web and e-mail filters shall be installed and used.

Our Implementation

All API communications are protected with HTTPS/TLS encryption and authenticated using JWT tokens issued by Supabase Auth. Input validation is implemented on API endpoints to prevent injection attacks.

Web filtering is provided through Google Workspace security settings, which include Safe Browsing protection for team members using Chrome. Email filtering is managed by Google Workspace with built-in spam detection, phishing protection, and malware scanning for all incoming and outgoing email.

Gaps / Planned improvements:

  • No dedicated web proxy or URL filtering solution beyond Google Safe Browsing (NEX-380)
  • No email encryption (S/MIME or PGP) for sensitive communications (NEX-380)

Partially Implemented · L2 — Repeatable
