Data Security Compliance Statement
At WellBean AI, we are committed to following industry best practices and aligning with widely recognized security frameworks and standards.
Our data security practices are guided by the following:
NIST Cybersecurity Framework (CSF)
We have implemented security controls and processes informed by the NIST CSF, which provides a comprehensive set of guidelines for managing cybersecurity risk. Our practices align with the CSF's core functions of Identify, Protect, Detect, Respond, and Recover.
CIS Critical Security Controls
We have adopted many of the Center for Internet Security's Critical Security Controls, which are a prioritized set of actions that collectively form a defense-in-depth set of best practices to mitigate the most common attacks against systems and networks.
OWASP Application Security Verification Standard (ASVS)
Our software development practices and application security controls have been designed to align with the recommendations in the OWASP ASVS. We strive to achieve a high level of conformance with ASVS Level 2 or higher.
Cloud Security Alliance (CSA) Cloud Controls Matrix
For the cloud-based components of our service, we have implemented security measures that align with the control objectives and best practices outlined in the CSA Cloud Controls Matrix, which provides a comprehensive framework for securing cloud applications and infrastructure.
Mozilla Observatory & Security Headers Compliance
We regularly test our web applications using tools like the Mozilla Observatory and SecurityHeaders.com. We aim to consistently achieve high ratings in these objective third-party assessments and promptly remediate any identified gaps.
Linux Foundation Core Infrastructure Initiative (CII) Best Practices
We have earned the CII Best Practices badge, which demonstrates our commitment to following security best practices in the development of our open source components. The CII badge program provides a comprehensive set of requirements for secure software development.