Biện pháp kỹ thuật + tổ chức

TLS 1.3 in transit (TLS 1.2 disabled). AES-256 at rest. Per-customer row-level keys for sensitive tables.

SSO + MFA mandatory for all staff. Least-privilege RBAC. Production access requires explicit ticket + quarterly review.

All ingress through a managed WAF (Cloudflare). Private VPC for compute + DB. No public DB endpoints. IP allowlist for super-admin portal.

Immutable audit log, 7-year retention. 24/7 alerting on auth failures, privilege escalations, DB anomalies.

Daily encrypted backups, 30-day retention, geo-replicated. Quarterly restore drills. Target RPO 24h / RTO 4h.

Background checks. Annual security training. Off-boarding: access revoked within 1 hour of departure.

Sub-processors reviewed annually. DPA in force with every vendor before any data is shared.

Vault-managed; rotated quarterly. No long-lived credentials in source. SOPS for any committed config that must reference a secret.