Turnkey Lender is an ISO 27001:2013 certified company.
The certificate (attached below) is to confirm that all processes of development, testing and customer data processing comply with the policies and procedures of ISO 27001:2013.
Our software Architecture is in line with the NIST (Guide to Secure Web Services) and OWASP standards. The software meets the requirements for Identification and Authentication, Authorization, Integrity, Non-Repudiation, Confidentiality, and Privacy.
From the technical perspective:
(1) Web application is immune to XSS, script and SQL injection and other attacks;
(2) Sensitive information is sent only via the HTTPS protocol;
(3) Sensitive information is processed on the server side only;
(4) All passwords are encrypted and then stored in DB as Salted Hash;
(5) The application supports two-factor authentication for its users;
(6) Password management policies can be flexibly customized (such as password strength and two-factor authentication);
(7) The application implements a temporary user lockout feature, which takes places after several consequent failed authentication attempts;
(8) Anti-DDoS throttling protection;
Furthermore, we employ a certified ISO 27001 auditor, who has a Ph.D. in Cyber Security. He constantly supervises our operation and guarantees that our new features and releases are fully compliant with ISO 27001.