Lineup: Our commitment to Security
Lineup uses a hosting partner with data centre providers in multiple geographic regions (currently France, Canada and Australia) with policies and measures that are implemented according to the ISO/IEC270001 standard.
Our infrastructure partner has the following certifications: ISO/IEC27001, SOC 1 Type II (SSAE 16 and ISAE 3402) and SOC 2 Type II, STAR self-assessment – Cloud Security Alliance and PCI DSS. Lineup holds SOC 1 Type I and is annually audited by KPMG for SOC 1Type II.
Lineup personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Lineup conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labour law and statutory regulations. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Lineup’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role. Lineup’s personnel will not process Customer Personal Data without authorisation
Lineup’s guarantee of confidentiality of information is achieved with best practice access control methods (including multiple layers, multiple factor and separation of concerns) in the Adpoint infrastructure and cloud services and related information.
Lineup follows industry best practices with respect to secure coding and software development and have an established internal secure software development life cycle process. At a minimum such development practices include: Input validation, Default Deny, adhering to the principle of least privilege and sanitizing data sent to other systems. The policy includes security source code review and testing comprised of at least dynamic and static testing. Lineup take the OWASP Top10 Register very seriously and is constantly reviewing it as part of one of our internal security controls and procedures.