// Trust & Security

Trust & Security

Skopion runs its own infrastructure with the same diligence applied in client engagements — transparently documented, without overstated claims.

Transport & web security

TLS 1.3, externally rated SSL Labs A+
HTTPS enforced, HSTS (1 year, includeSubDomains)
Modern security headers: CSP, X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Referrer-Policy, Permissions-Policy

Application security

OWASP ASVS v5.0 Level 1 — internal self-verification (OWASP does not certify; self-verification)
Contact form protected against automated abuse (Cloudflare Turnstile)
No technology-stack disclosure, clean error handling

Data protection (GDPR)

Technical and organizational measures; no third-party trackers or analytics
Only a strictly-necessary language cookie; contact solely via the secured form

Secure communication

Published security.txt (RFC 9116) and PGP key for encrypted first contact
Responsible disclosure welcome

Readiness & training

Self-assessment against CIS Controls v8 (Implementation Group 1)
Ongoing awareness and skills training (Global Cyber Alliance, EC-Council, Linux Foundation); completion records kept internally

Operations

Key-based access with multi-factor authentication (MFA)
Encrypted off-site backups; secure default configuration; rollback-safe deployments

Privacy Secure contact (PGP)

These points are internal self-assessments and readiness measures — not a third-party certification or external audit. External ratings (e.g. SSL Labs) are independently verifiable.