Information Security:
How Does AMC Bridge Protect Sensitive Data? 

In today’s digital landscape, information security (IS) is essential to protect confidentiality, ensure data integrity, maintain availability, safeguard privacy, guard against cyber threats, and maintain trust and reputation.

AMC Bridge is a trusted partner that delivers software development services and always prioritizes the security of our clients’ private information. As a global company with teams working remotely from different countries, we recognize the vital importance of IS in maintaining steady business operations. We continuously invest in improving our security practices, from implementing robust security measures to regularly testing and monitoring our systems for vulnerabilities. We use effective measures such as firewalls, intrusion detection systems, antivirus software, and employee training to detect, prevent, and mitigate cyber threats.

However, we also understand that IS is constantly evolving. That’s why we are committed to staying up-to-date with the latest threats and technologies and continuously evaluating and improving our security processes and practices to protect our clients’ data better.

To learn more about our IS commitment, explore the strategies we use to protect our clients’ data and prevent breaches.

What is information security?

IS is the complete set of measures and strategies that AMC Bridge employs to safeguard organizational and personal data, including business-critical information, from potential information security threats such as data breaches.

What are existing threats?

There are two main types of security incidents:

Account compromising

When accounts are compromised, valuable computing resources and sensitive corporate and personal data are put at risk. Even accounts with limited or restricted institutional data, emails without private information, or personal files may become valuable to hackers.

Compromised accounts may include personal or corporate email accounts, servers, services, and devices.

Violation of intellectual property

The company’s intellectual property (IP) includes copyrights, patents, trademarks, service marks, trade secrets, design rights, logos, and brands.

In general, IP infringement occurs when a work protected by IP laws is used, copied, or exploited without proper permission from the owner of those rights. Examples of IP infringement include:

  • Transferring a customer’s project data to another customer.
  • Copying code written for one customer and sending it to another customer.
  • Sharing code on public forums without the owner’s consent, such as asking for a solution to a problem.
  • Using the same test model for different customers. Test models are considered IP and may only be used in projects owned by the IP owner.

What can be done for protection?

The most obvious safeguard tools that may already exist in an organization and protect data include:

  • CRM tools. They can maintain customer data at a centralized location and account for where data resides to avoid storing data in multiple areas.
  • Two-factor authentication (2FA). It uses short-term passwords or codes, ranging from minutes to a few days, in conjunction with long-term passwords. 2FA can cut down on breaches associated with compromised passwords.

Besides these, the organization may use anti-malware software, encryption, and blockchain to strengthen its data protection mechanism.

What has AMC Bridge done?

It is absolutely crucial for clients to have confidence that their service provider effectively protects their sensitive information. At AMC Bridge, we place great importance on detailed consultations with each client to ensure that we mutually agree on implementing IS requirements.

AMC Bridge adheres to all main safety principles:

  • Control access through password management tools.
  • Servers and employees’ devices are securely encrypted.
  • End devices are monitored for compliance with our security policies.
  • Robust access control policy and management in accordance with the best security principles, such as the Principle of Least Privilege.

The measures and data protection actions that AMC Bridge takes to grant security to its clients’s data are described below.

Security control of physical areas

AMC Bridge has development offices in Poland, Ukraine, Uzbekistan, and India. We use an access control system in all AMC Bridge offices. To enter the facilities, all employees and contractors use personal access cards.

GDPR compliance

General Data Protection Regulation (GDPR) regulates data protection and privacy in the European Union.

AMC Bridge processes data per our responsibilities under the GDPR and follows the standards of information security established in the countries of our operation.

The company ensures that personal data is stored securely using modern, up-to-date software.

ISO/IEC 27001:2013 compliance

With 20+ years of experience in providing engineering software services, AMC Bridge strictly maintains information and cyber security and moves towards standardization in information protection. Considering information security as a critical component of the corporate infrastructure, the company continuously adheres to the ISO requirements. Currently, AMC Bridge processes around 80% of the ISO 27001 SOA matrix. It is expected to achieve full compliance with this standard in 2023.

AMC Bridge implemented certification requirements according to the ISO 27001 standard. The measures taken include but are not limited to the following:

  • Risk assessment
  • Implementation of security controls
  • Regular effectiveness reviews to manage the organization’s information security
  • Network perimeter monitoring
  • Phishing Attack Simulation training
  • Business Continuity and Disaster Recovery Plan
  • Incident Response Plan

To protect the company’s and clients’ sensitive data, AMC Bridge regularly reviews its Information Security Management System (ISMS) for the subject of weak links and improvement.

Data encryption in transit and at rest

We use data encryption in transit for remote and office work. Storage is encrypted on all devices and servers. VPN connections encrypt access to the company’s network.

Network and perimeter protection monitoring

Our network detects security threats, exploits, malicious activities, malware, spyware, and malicious code in clear-text or encrypted format on the network level and protects against the threads by:

  • Suspicious traffic monitoring:
    • Routers have integrated firewalls and virtual firewalls in the AWS cloud infrastructure.
    • The company’s network for suspicious traffic is under continuous monitoring.
  • Strong Password Policy:
    • Password and access control protects the internal office wireless network.
    • All employees utilize secure authentication.
    • All passwords are stored in a corporate password manager and are changed every 90 days.
  • Security Incident Response Plan:
    • AMC Bridge established the policy to respond to each incident promptly and continuously.
    • All AMC Bridge employees and contractors should report incidents, weaknesses, or suspicious activities detected in our network to the Information Security Team or IT Department.

Client protection: antivirus patches on clients and data storage on portable storage devices

All antivirus patches and database updates are installed automatically, immediately, and centrally enforced.

The AMC Bridge Security Policy and Active Directory rule prohibit using external USB storage. We use only an encrypted cloud with strict access control to share files.

Cyber awareness and phishing attack simulation training

Upon joining AMC Bridge, all employees undergo mandatory cybersecurity training that covers essential IS topics such as social engineering, common types of cyber attacks, and effective response actions against them. We provide training recurrently to ensure that our employees remain up-to-date with the latest threats and best practices.

Summary and further plans

For AMC Bridge, a global company with remote teams from different countries, information security is vital for steady business. The Information Security Management System is subject to continuous, systematic review and improvement to protect the company’s and clients’ sensitive data. After all, something can always be improved, especially in the information security field. To make AMC Bridge’s system stronger, the next steps are these:

  1. To complete an external audit to certify to the Security Operations Center (SOC) framework.
  2. To research new security models, like Zero Trust Network Access (ZTNA).

About AMC Bridge

AMC Bridge is a global software development consultancy serving engineering, manufacturing, and construction industries. Since 1999, we have enabled digital transformation for our clients by creating custom software solutions that eliminate data silos, connect complex applications, unlock internal innovation, and democratize cutting-edge technologies. AMC Bridge’s software development experts use extensive experience with APIs of the majority of engineering software solutions and platforms, as well as in-depth knowledge of computational geometry, 3D visualization, and other advanced technologies to solve our clients’ critical business needs.