EFILOS Logo
Back to site

Security Overview

Last updated: March 2026

1. Security overview

SCREDIT is designed for organizations that manage sensitive credit, receivables, and financial information. Our program is built around layered security controls, operational discipline, and platform architecture aligned to enterprise expectations.

2. Administrative, technical, and organizational safeguards

  • Role-based access control, tenant-aware authorization, and least-privilege operational access.
  • Encryption in transit, encrypted storage layers where supported, and secret handling practices designed to reduce exposure.
  • Centralized logging, monitoring, incident response, backup, and recovery procedures.
  • Secure development lifecycle practices including peer review, dependency management, and vulnerability remediation workflows.

3. Platform architecture and tenant isolation

SCREDIT uses a multi-tenant architecture with logical tenant isolation controls, application authorization checks, auditability, and environment-level access restrictions. Supporting services may include identity services, relational databases, object storage, messaging, caching, and observability tooling.

4. Incident response

EFILOS maintains documented processes for detection, escalation, investigation, containment, remediation, and communication relating to security incidents. Where contractually required, customers will be notified without undue delay after confirmation of a reportable incident affecting customer data.

5. Business continuity

  • Backup and restoration procedures for key systems and data stores.
  • Recovery planning and environment management practices intended to support service resilience.
  • Operational monitoring to detect availability, performance, or security anomalies.

6. Compliance alignment

Our control environment is designed to support common customer due diligence requirements and to align with recognized frameworks such as SOC 2 principles and privacy-by-design practices. Specific certifications or attestations, if any, are governed by current public statements or contractual disclosures.