Security Policy and Standards

SMSPoh Take

Security Seriously As you Do

Certified Third-party Security Assessment

SMSPoh has completed a third-party security assessment with Kernellix, a leading cybersecurity company in Myanmar. It also regularly monitors the system to prevent the latest malware, attacks, or any potential hacks across all SMSPoh applications and systems.

Fully Encrypted

We enforce encryption of sensitive data, including user passwords, API credentials, and message contents, at the database level. Even if our database were to be compromised, it would be nearly impossible to decrypt the information without the key.

IP Whitelist

Restricting access to specific IP addresses reduces the risk of unauthorized access and potential abuse, making it harder for malicious users to exploit the API credential.

2FA Authentication

MFA adds an extra layer of protection beyond just a username and password. Even if credentials are compromised, unauthorized access is still prevented by authentication at the next step with their registered mobile number.

Information Security Policy

SMSPoh conducts regularly scheduled information security reviews and training as part of its employees' contractual obligations. The program includes, but is not limited to, the following:

  • Password manager policy
  • 2FA on source control repositories, cloud infrastructure and password manager accounts
  • Penetration testing against test environments before point release to production
  • Open Source software vulnerability subscription service
  • OS upgrade policy & procedures
  • Environment variables not stored in source control
  • Separation of credentials for testing and production environments
  • Disaster Recovery Plan (backup & restore, application infrastructure).
  • Employee formal security training
  • Securing developer equipment & credentials
  • Securing application credentials
  • Deployment procedures

Security Audit Log

Maintaining security audit log encourages users to be more mindful of their practices, knowing that their activities are being monitored. Any suspecious activities will be notified in realtime to your email.