Responsible disclosure
If you believe you have found a security issue affecting an Optracode-managed service, submit details through the contact form with enough information for triage. Please avoid accessing, modifying, or exfiltrating data.
Security
Security controls designed for real operations.
We focus on controls that reduce practical risk: network exposure, identity sprawl, insecure defaults, missing telemetry, and untested recovery paths.
Baseline controls
What we look for in every environment.
- Administrative services restricted to private networks or approved access paths.
- Cloud identity roles reviewed for least privilege and separation of duties.
- Production changes performed through versioned infrastructure and deployment workflows.
- Centralized logs and alerts for authentication, network, and infrastructure events.
- Documented backup, restore, and incident response procedures.
Data handling
Project data is limited to what is required for delivery. Access is scoped per engagement and removed during closeout unless otherwise agreed in writing.