{"id":7826,"date":"2019-01-30T11:53:42","date_gmt":"2019-01-30T11:53:42","guid":{"rendered":"https:\/\/support.loginextsolutions.com\/?p=7826"},"modified":"2026-01-28T09:43:14","modified_gmt":"2026-01-28T09:43:14","slug":"audit-compliance","status":"publish","type":"post","link":"https:\/\/support.loginextsolutions.com\/index.php\/2019\/01\/30\/audit-compliance\/","title":{"rendered":"Audit and Compliance at LogiNext"},"content":{"rendered":"\n<p>Auditing for most layers and controls above the physical infrastructure remains the responsibility of LogiNext. LogiNext Cloud Partner-defined logical and physical controls are documented in the SOC reports, which are available for review by audit and compliance teams. Other certifications are also available for auditors to review.<\/p>\n<p>LogiNext Cloud Partner Compliance enables customers to understand the robust controls in place to maintain security and data protection in the cloud. 
As systems are built on top of the LogiNext Cloud Partner infrastructure, compliance responsibilities are shared.<\/p>\n<p>By combining governance-focused, audit-friendly service features with applicable compliance and audit standards, LogiNext Cloud Partner Compliance enablers build on traditional programs, helping customers operate within a secure control environment.<\/p>\n<p>The IT infrastructure that LogiNext Cloud Partner provides to its customers is designed and managed in alignment with security best practices and a wide range of IT security standards, including:<\/p>\n<p>\u2022 SOC 1 \/ SSAE 16 \/ ISAE 3402 (formerly SAS 70)<\/p>\n<p>\u2022 SOC 2<\/p>\n<p>\u2022 SOC 3<\/p>\n<p>\u2022 FISMA<\/p>\n<p>\u2022 FedRAMP<\/p>\n<p>\u2022 DOD SRG Levels 2 and 4<\/p>\n<p>\u2022 PCI DSS Level 1<\/p>\n<p>\u2022 EU Model Clauses<\/p>\n<p>\u2022 ITAR<\/p>\n<p>\u2022 IRAP<\/p>\n<p>\u2022 FIPS 140-2<\/p>\n<p>\u2022 MLPS Level 3<\/p>\n<p>\u2022 MTCS<\/p>\n<p><strong>Note:<\/strong> &#8220;LogiNext Cloud Partner&#8221; refers to the cloud computing platforms that host LogiNext applications. LogiNext treats Microsoft Azure and Amazon Web Services as its cloud partners.<\/p>\n<h4><b>Vulnerability Assessment and Penetration Testing (VAPT)<\/b><\/h4>\n<p>Vulnerability Assessment and Penetration Testing (VAPT) are two complementary approaches that LogiNext uses to continuously evaluate and strengthen system security. While vulnerability assessments identify existing flaws in applications, networks, or infrastructure, penetration testing attempts to exploit those flaws to determine which ones pose actual risks. Together, they provide a comprehensive view of vulnerabilities and help reduce potential threats.<\/p>\n<p>VAPT is performed by both:<\/p>\n<p>1. Internal staff and<\/p>\n<p>2. 
Trusted professional testing partners, ensuring appropriate levels of coverage and oversight.<\/p>\n<p>Additionally, we bring in industry-recognized trusted professional testing partners to perform quarterly penetration testing. The goal of these programs is to iteratively identify flaws that present a security risk and rapidly address any issues.<\/p>\n<p><b>Vulnerability Assessment: <\/b>The LogiNext Security team follows a multi-layered approach to vulnerability scanning using industry-recognized tools. These tools detect flaws across our technology stack but do not distinguish between exploitable and non-exploitable issues. Assessments help us locate weaknesses in our code and systems, which we address on an ongoing basis. Vulnerability scans run continuously across internal networks, applications, and corporate infrastructure. Adaptive scanning, updated vulnerability signatures, and continuous monitoring help LogiNext stay ahead of evolving security threats.<\/p>\n<p><strong>Penetration Testing:<\/strong> Penetration testing evaluates the resilience of hosted applications by simulating real-world attacks. Tests are conducted periodically. These tests attempt to exploit the vulnerabilities in our system to determine whether unauthorized access or other malicious activity is possible and identify which flaws pose a threat to the application. Penetration tests find exploitable flaws and measure the severity of each. This is always conducted in an architecturally equivalent copy of the system with no actual customer data present. The production system is never subject to such tests. Should an individual attempt such a test in the production environment, it will be detected as an intrusion, and the source IP will be blocked. An alert will then be raised to enable release engineers to attend to the incident.<\/p>\n<h4><strong>VAPT Methodologies<\/strong><\/h4>\n<p>LogiNext considers the following two methodologies for VAPT:<\/p>\n<p><b>1. 
Black Box Testing (Dynamic Application Security Testing): <\/b>In this type of testing, LogiNext takes an approach similar to that of a real attacker. The security controls, defences, and design of an application are tested from the outside in, with little or no prior knowledge of the application\u2019s internal workings. Since this is a technology-independent method, it is LogiNext\u2019s preferred method of testing and is used in a variety of situations, particularly when testing for vulnerabilities that arise from deployment issues and server misconfigurations. It gives us wide test coverage with a very low false-positive rate. The entire process of black-box security testing is automated. It starts by crawling the application for all links, noting all inputs present on a page, and attempting to fingerprint the specific technologies the web application uses. A mixture of passive (typically during the crawl) and active (typically post-crawl) vulnerability testing techniques is used.<\/p>\n<p><b>2. White Box Testing (Static Application Security Testing): <\/b>In this approach, our team has as much information as possible about the target environment, as an actual employee would. This approach is designed to prepare for a worst-case scenario where an attacker has in-depth information about your infrastructure. White Box testing allows us to prepare for scenarios such as insider threats or an attacker who has obtained detailed internal information. This process usually reveals more vulnerabilities and is much faster, since the team has transparent access to the key information and details required for attacking the organization. It also extends the testing boundaries to areas such as complete source code audit and application design review, which are not usually covered by black-box testing. 
For some critical and major releases, White Box security testing is done before an application is released into production.<\/p>\n<h4><strong>Certificates and Reports<\/strong><\/h4>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/Security-Letter-Stellation-Inc-dba-LogiNext_30062025.pdf\">Click here to view the VAPT Certificate<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/SystemandOrganizationControlsSOC1Report-CurrentOct12022-Sep302023-1.pdf\">Click here to view the AWS SOC 1 Type 2 Report<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/LogiNext_SOC-2-Type-1-Report-1.pdf\">Click here to view the AWS SOC 2 Type 1 Report<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/SystemandOrganizationControlsSOC2Report-CurrentOct12022-Sep302023.pdf\">Click here to view the AWS SOC 2 Type 2 Report<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/SystemandOrganizationControlsSOC3Report-CurrentOct12022-Sep302023.pdf\">Click here to view the AWS SOC 3 Report<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/SOCContinuedOperationsLetter.pdf\">Click here to view the AWS SOC Continued Operations Letter<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/LogiNext_SOC-2-Type-1-Report.pdf\">Click here to view the BDO SOC 2 Type 1 Report<\/a><\/p>\n<p><a href=\"https:\/\/support.loginextsolutions.com\/wp-content\/uploads\/ISO-27001-2022-certificate.pdf\">Click here to view the ISO 27001:2022 Certificate<\/a><\/p>\n<p><em>Note: AWS SOC 2 Report shall continue to be in effect till further notice from AWS. 
Please refer to the AWS SOC Continued Operations Bridge Letter for more details\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Download PDF Auditing for most layers and controls above the physical infrastructure remains the responsibility of LogiNext. LogiNext Cloud Partner-defined logical and physical controls are documented in the SOC reports, which are available for review by audit and compliance teams. &hellip; <a href=\"https:\/\/support.loginextsolutions.com\/index.php\/2019\/01\/30\/audit-compliance\/\">Continued<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[],"tags":[1179,3020,3019,3018,3017,3016,3015,3014,3013,3011,1183,1182,1181,1180,1081,1178,1177,1176,1175,1174,1173,1172,1171,1159,1156,1113,1091],"_links":{"self":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7826"}],"collection":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/comments?post=7826"}],"version-history":[{"count":51,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7826\/revisions"}],"predecessor-version":[{"id":30000,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/posts\/7826\/revisions\/30000"}],"wp:attachment":[{"href":"https:\/\/supp
ort.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/media?parent=7826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/categories?post=7826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/support.loginextsolutions.com\/index.php\/wp-json\/wp\/v2\/tags?post=7826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}