enmacc Trust Centre
Trust is the foundation of everything we do at enmacc
Data protection and information security at enmacc
This Trust Centre is designed to provide you with clear, transparent, and accessible information about how we prioritise the security, privacy, and compliance of your data. Whether you're a customer, partner, or visitor, we want you to feel confident in the measures we take to safeguard your information and maintain the highest ethical standards.
BNetzA & ACER
Enmacc is supervised by the Bundesnetzagentur (BNetzA) at the national level and the Agency for the Cooperation of Energy Regulators (ACER) at the supranational level. In this context, enmacc ensures compliance with applicable regulations and reports suspected cases of market manipulation and relevant security incidents to the respective supervisory authorities.
GDPR Compliance
Enmacc adheres to the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (“Bundesdatenschutzgesetz” – BDSG) and employs the services of IITR Datenschutz GmbH as our Data Protection Officer.
Here’s the latest version of the privacy policy.
ISO/IEC 27001:2022 certified
enmacc has achieved ISO/IEC 27001:2022 certification, a globally recognised standard for information security management. This certification confirms that we have established a comprehensive Information Security Management System (ISMS) that meets strict international requirements.
The scope of our certification covers the management and protection of sensitive data, ensuring its confidentiality, integrity, and availability. We continuously identify and manage risks through a systematic process, with our security controls and processes regularly audited by the independent third party TÜV Süd to ensure ongoing compliance and effectiveness.
The enmacc ISO/IEC 27001:2022 certificate is available here.
Email Authentication and Security Standards
We are committed to ensuring the security of all communications, including email, to protect both our organisation and our valued customers from potential threats such as phishing, spoofing, and unauthorised access.
All emails sent from our domain are authenticated using industry-standard protocols, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting, and Conformance) and BIMI (Brand Indicators for Message Identification). These measures help ensure that emails you receive from us are legitimate and have not been tampered with.
You can verify our DMARC and BIMI records here.
Emails are transmitted using TLS (Transport Layer Security) to ensure data integrity and prevent unauthorised interception.
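As an added example (not enmacc's own code or tooling) of the checks a recipient can run on such records, the following Python validates the three published DNS TXT records that the paragraph above relies on: SPF at the sending domain itself, DMARC at _dmarc.<domain> and BIMI at default._bimi.<domain>. The record strings in the block are constructed for illustration and are not enmacc's actual records; fetch the real ones with your resolver (for example dig TXT _dmarc.enmacc.com) and pass them to the same functions. The checks encode the dependencies that matter in practice: SPF should end in -all and stay within ten DNS-lookup terms, DMARC should enforce (p=quarantine or p=reject at pct=100) and collect reports, and BIMI is only honoured by receivers when DMARC is at enforcement.

```python
from urllib.parse import urlparse

# Constructed sample records for illustration; NOT enmacc's published records.
SPF_OK = "v=spf1 include:_spf.example.net -all"
SPF_WEAK = "v=spf1 include:_spf.example.net ~all"
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
BIMI = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 limits these to 10).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")


def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' record (DMARC, BIMI) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record: str) -> list[str]:
    """Return findings for an SPF record; an empty list means no concerns."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings = []
    # Mechanism name = term without qualifier, argument and CIDR suffix.
    names = [t.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
             for t in terms[1:]]
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    all_term = next((t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None:
        if not any(t.lower().startswith("redirect=") for t in terms):
            findings.append("no 'all' mechanism: unmatched senders get a neutral result")
    elif all_term.startswith("~"):
        findings.append("ends with ~all (softfail): spoofed mail is only marked, not rejected")
    elif not all_term.startswith("-"):
        findings.append(f"'{all_term}' lets any sender pass SPF")
    return findings


def dmarc_enforcing(tags: dict) -> bool:
    """True when the policy actually rejects or quarantines the whole stream."""
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    return tags.get("p", "").lower() in ("quarantine", "reject") and pct == 100


def check_dmarc(record: str) -> list[str]:
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return ["missing v=DMARC1 or p= tag: receivers ignore the record"]
    findings = []
    if tags["p"].lower() == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    elif not dmarc_enforcing(tags):
        findings.append("pct<100: policy is applied to only part of the mail stream")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings


def check_bimi(record: str, dmarc_record: str) -> list[str]:
    tags = parse_tags(record)
    if tags.get("v") != "BIMI1":
        return ["missing v=BIMI1"]
    findings = []
    logo = urlparse(tags.get("l", ""))
    if logo.scheme != "https" or not logo.path.lower().endswith(".svg"):
        findings.append("l= must be an https URL pointing to an SVG logo")
    if "a" not in tags:
        findings.append("no a= evidence document (VMC): some receivers will not show the logo")
    if not dmarc_enforcing(parse_tags(dmarc_record)):
        findings.append("BIMI requires DMARC at p=quarantine (pct=100) or p=reject")
    return findings


if __name__ == "__main__":
    for label, result in (("SPF", check_spf(SPF_WEAK)),
                          ("DMARC", check_dmarc(DMARC_WEAK)),
                          ("BIMI", check_bimi(BIMI, DMARC_WEAK))):
        print(label, result or "OK")
```

Run against the weak samples the script reports the softfail, the monitor-only DMARC policy and the resulting BIMI dependency failure; against the strong samples every checker returns an empty list.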
Emails from enmacc
Our emails are always sent from addresses ending in @enmacc.com. We never ask you to provide sensitive personal information (e.g. passwords) via email.
enmacc is a cloud-based Software-as-a-Service offering and uses Amazon Web Services (AWS) as the cloud hosting provider. As such, cloud security standards are rigorously enforced to ensure safety and security across our offering. enmacc’s data location is Germany.
Cloud Security
enmacc uses a variety of tools and services to secure its cloud environment. This includes DDoS protection measures and active application security monitoring with services such as AWS WAF (Web Application Firewall), Amazon CloudWatch and Amazon GuardDuty.
Tenant Isolation
The enmacc trading platform is based on a multi-tenancy architecture. Business logic ensures that every record is uniquely identified and is available and visible only to authorised users. Users and companies are assigned unique identifiers, and data is queried and modified only in the context of those identifiers, so one company's data is neither visible to nor modifiable by another.
Data Auditing
enmacc keeps track of data creation and modification and creates audit trails so that actions can be traced if necessary. Audit trails are generated on multiple levels, including AWS CloudTrail (AWS API and account activity), Amazon CloudWatch (logs and metrics) and Hibernate Envers (revision history of application entities in the database).
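The two sections above (Tenant Isolation and Data Auditing) describe a pattern that is easiest to see in code. The following is an added example, not enmacc's own code: a SQLite stand-in with a repository that is bound to one company identifier and carries it in every statement, plus an Envers-style history table filled by triggers (revtype 0 = ADD, 1 = MOD, 2 = DEL, the Envers convention). The table and column names are assumptions for illustration. The deliberately unscoped lookup at the end shows the IDOR anti-pattern that tenant scoping prevents.

```python
import sqlite3

# Added example; table/column names are illustrative assumptions, not enmacc's schema.
SCHEMA = """
CREATE TABLE orders (
    id         INTEGER PRIMARY KEY,
    company_id TEXT    NOT NULL,   -- tenant identifier, set on creation
    product    TEXT    NOT NULL,
    quantity   INTEGER NOT NULL
);
-- Envers-style history: one row per revision of each order.
CREATE TABLE orders_aud (
    rev        INTEGER PRIMARY KEY AUTOINCREMENT,
    id         INTEGER NOT NULL,
    revtype    INTEGER NOT NULL,   -- 0 = ADD, 1 = MOD, 2 = DEL
    company_id TEXT    NOT NULL,
    product    TEXT,
    quantity   INTEGER,
    changed_at TEXT    NOT NULL DEFAULT (datetime('now'))
);
CREATE TRIGGER orders_aud_ins AFTER INSERT ON orders BEGIN
    INSERT INTO orders_aud (id, revtype, company_id, product, quantity)
    VALUES (NEW.id, 0, NEW.company_id, NEW.product, NEW.quantity);
END;
CREATE TRIGGER orders_aud_upd AFTER UPDATE ON orders BEGIN
    INSERT INTO orders_aud (id, revtype, company_id, product, quantity)
    VALUES (NEW.id, 1, NEW.company_id, NEW.product, NEW.quantity);
END;
CREATE TRIGGER orders_aud_del AFTER DELETE ON orders BEGIN
    INSERT INTO orders_aud (id, revtype, company_id, product, quantity)
    VALUES (OLD.id, 2, OLD.company_id, OLD.product, OLD.quantity);
END;
"""


def open_db() -> sqlite3.Connection:
    """In-memory database with the schema and audit triggers installed."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


class OrderRepository:
    """Data access bound to one tenant. Every statement carries company_id in
    its WHERE clause, so another tenant's id behaves like a non-existent id."""

    def __init__(self, conn: sqlite3.Connection, company_id: str):
        self.conn = conn
        self.company_id = company_id

    def create(self, product: str, quantity: int) -> int:
        cur = self.conn.execute(
            "INSERT INTO orders (company_id, product, quantity) VALUES (?, ?, ?)",
            (self.company_id, product, quantity))
        self.conn.commit()
        return cur.lastrowid

    def get(self, order_id: int):
        return self.conn.execute(
            "SELECT * FROM orders WHERE id = ? AND company_id = ?",
            (order_id, self.company_id)).fetchone()

    def update_quantity(self, order_id: int, quantity: int) -> bool:
        cur = self.conn.execute(
            "UPDATE orders SET quantity = ? WHERE id = ? AND company_id = ?",
            (quantity, order_id, self.company_id))
        self.conn.commit()
        return cur.rowcount == 1      # False when the row belongs to another tenant

    def delete(self, order_id: int) -> bool:
        cur = self.conn.execute(
            "DELETE FROM orders WHERE id = ? AND company_id = ?",
            (order_id, self.company_id))
        self.conn.commit()
        return cur.rowcount == 1

    def history(self, order_id: int) -> list:
        """Revision trail of one order, scoped to the tenant like everything else."""
        return self.conn.execute(
            "SELECT rev, revtype, quantity, changed_at FROM orders_aud "
            "WHERE id = ? AND company_id = ? ORDER BY rev",
            (order_id, self.company_id)).fetchall()

    def get_unscoped(self, order_id: int):
        """The IDOR anti-pattern, kept only for contrast: a tenant-less lookup
        returns any company's order to whoever guesses its id."""
        return self.conn.execute(
            "SELECT * FROM orders WHERE id = ?", (order_id,)).fetchone()


if __name__ == "__main__":
    db = open_db()
    a, b = OrderRepository(db, "company-a"), OrderRepository(db, "company-b")
    oid = a.create("gas-q3", 100)
    a.update_quantity(oid, 150)
    print("tenant b sees:", b.get(oid), "| unscoped sees:", dict(b.get_unscoped(oid)))
    print("trail:", [(r["revtype"], r["quantity"]) for r in a.history(oid)])
```

The key property is that the scoped repository cannot express a cross-tenant query at all: the tenant identifier is fixed when the repository is constructed, not passed per request, so a forgotten parameter cannot widen a query.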
Data Security
Data is encrypted at rest and in transit to protect its confidentiality and integrity. We enforce encrypted communication and allow only the encryption algorithms that meet the minimum requirements of the BSI IT-Grundschutz. Only TLS 1.2 and TLS 1.3 are enabled; older protocol versions are not offered.
You can verify our configuration with popular tools such as:
- CDN77 TLS Checker: enmacc.com, trading.enmacc.com
- Qualys SSL Labs: enmacc.com, trading.enmacc.com
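The hosted checkers above are the convenient route; the same "only TLS 1.2 and 1.3" claim can be verified from your own network with the following added example (not enmacc's tooling). It pins a client handshake to one protocol version at a time and records whether the server completes it. The hostnames are the two the page lists; nothing else about their configuration is assumed. The one caveat worth knowing: modern OpenSSL refuses TLS 1.0 and 1.1 on the client side at its default security level, so the probe lowers that level for the legacy versions and reports "untestable" rather than "refused" when the local library cannot even attempt the handshake.

```python
import socket
import ssl

# Added example; the targets are the hostnames the page names for verification.
TARGETS = ("enmacc.com", "trading.enmacc.com")

VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLS 1.0", "TLS 1.1")
MODERN = ("TLS 1.2", "TLS 1.3")


def probe_version(host: str, version: ssl.TLSVersion, port: int = 443,
                  timeout: float = 5.0) -> str:
    """Attempt one handshake pinned to exactly `version`.

    Returns "offered" if the server completed it, "refused" if the server
    rejected it, or "untestable" if this client could not make the attempt.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is deliberately off: the question is which protocol
    # versions the server negotiates, not whether its certificate is valid.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
        if version < ssl.TLSVersion.TLSv1_2:
            # OpenSSL 3 blocks TLS 1.0/1.1 client-side at security level 1+;
            # lower it so a refusal is the server's decision, not ours.
            ctx.set_ciphers("ALL:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "untestable"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "offered" if tls.version() else "refused"
    except ssl.SSLError:
        return "refused"            # alert or handshake failure from the server
    except ConnectionResetError:
        return "refused"            # some front ends drop legacy ClientHellos
    except OSError:
        return "untestable"         # DNS failure, timeout, unreachable host


def probe(host: str, port: int = 443) -> dict[str, str]:
    """Probe every version in VERSIONS against one host."""
    return {name: probe_version(host, ver, port) for name, ver in VERSIONS.items()}


def assess(results: dict[str, str]) -> tuple[bool, list[str]]:
    """Judge probe results against the claim 'only TLS 1.2 and TLS 1.3'.

    A legacy version that could not be tested is reported as a finding but
    does not fail the check by itself; retest it with another client.
    """
    findings = []
    for name in LEGACY:
        if results.get(name) == "offered":
            findings.append(f"{name} is still negotiable; disable it")
        elif results.get(name) != "refused":
            findings.append(f"{name} could not be tested from this client; retest with openssl s_client")
    for name in MODERN:
        if results.get(name) != "offered":
            findings.append(f"{name} was not negotiable")
    compliant = (not any(results.get(n) == "offered" for n in LEGACY)
                 and all(results.get(n) == "offered" for n in MODERN))
    return compliant, findings


if __name__ == "__main__":
    for host in TARGETS:
        results = probe(host)
        ok, findings = assess(results)
        print(host, "OK" if ok else "FAIL", results)
        for finding in findings:
            print("  -", finding)
```

Run it from a network that is not behind a TLS-intercepting proxy, otherwise you are measuring the proxy rather than the server.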
Authentication security
enmacc requires users to choose secure passwords and enforces a minimum password length of 12 characters. Multi-factor authentication (MFA) via SMS can be enabled as an additional login requirement.
Backups
We implement robust data backup practices to ensure the availability and integrity of your information. Regular backups are performed on secure and encrypted storage systems, with redundant copies maintained to safeguard against data loss from unexpected events.
Backups of the primary data stores are never older than 24 hours and are replicated to multiple AWS regions and accounts for additional resilience. Databases can be restored to any point in time with one-minute granularity, minimising the potential impact of data corruption or data loss.
Browser Security and Requirements
To ensure the best user experience and security on the client side, enmacc supports specific browsers and requires minimum versions.
The following browser versions are supported:
- Google Chrome: 107 or newer
- Mozilla Firefox: 107 or newer
- Microsoft Edge: 107 or newer
These and additional requirements can be found in the enmacc IT requirement documents.
enmacc is committed to maintaining the highest security standards and ensuring the protection of data. As part of our ongoing efforts to safeguard information, we conduct comprehensive penetration tests on a regular schedule. This proactive measure is designed to identify and address potential vulnerabilities in our systems before they can be exploited.
The penetration tests are executed by SecurityWall.
| Scope | |
| Schedule | Penetration tests are executed yearly, in the last quarter of the year. |
| Pentester | The pentest is executed by a well-established third party that is not affiliated with enmacc. |
| Methodology | The pentesters are given credentials for the applications and access to the APIs, so a greybox methodology is used, combining elements of whitebox and blackbox testing. This simulates the perspective of an authenticated user on the platform. |
| Last pentest | December 2024 |
| Result | There are currently no open critical vulnerabilities that enmacc is aware of. |
At enmacc, security is embedded into every stage of our software development lifecycle to ensure our products and services remain safe and reliable.
Key practices include:
- Secure coding standards: Developers adhere to industry best practices to minimise vulnerabilities.
- Threat modelling: We identify and address potential security risks during design and development.
- Merge request & code reviews: Every code change is reviewed by multiple peers before it is allowed to be merged. Automated tools are used to detect and remediate vulnerabilities in the codebase.
- Regular testing: Our systems undergo rigorous security testing, including static and dynamic analysis, penetration testing, and vulnerability scanning.
By integrating security into our development process, we aim to deliver products that protect your data and uphold your trust.
Incident management at enmacc is a structured process designed to detect, respond to, and resolve information security and IT security incidents efficiently, minimising impact on our operations and safeguarding your data. This comprehensive approach ensures that we are prepared to handle unexpected events, from minor security anomalies to major breaches.
We announce incidents on our public status page: https://status.enmacc.com/
What incident management involves:
- Detection and identification: Continuous monitoring and automated alert systems allow us to detect anomalies, vulnerabilities, or breaches as they occur.
- Assessment and prioritisation: Incidents are classified and prioritised based on their severity, potential impact, and urgency to ensure critical issues are addressed first.
- Containment and mitigation: Immediate actions are taken to contain the incident and mitigate its effects, such as isolating affected systems or disabling compromised accounts.
- Resolution and recovery: Once the root cause is identified, corrective measures are implemented to resolve the issue and restore normal operations safely.
- Communication: Timely communication with stakeholders, including affected customers, internal teams, and regulatory bodies, ensures transparency and compliance with legal requirements.
- Post-incident analysis: Every incident is reviewed thoroughly to identify lessons learned, improve processes, and strengthen preventive measures.
Our Disaster Recovery (DR) and Business Continuity Management (BCM) strategies strive for a quick recovery and continuation of operations, minimising impact to our customers and stakeholders.
Key components of our approach include:
- Risk assessment and planning: We identify potential risks, such as natural disasters, cyberattacks, and system failures, and develop tailored response plans for each scenario.
- Redundant systems and data backups: Critical systems and data are replicated across multiple secure locations, providing availability in case of localised disruptions. Regular backups are performed and tested for data integrity and rapid restoration.
- Disaster recovery testing: Periodic simulations and tests of our DR plans validate their effectiveness, so our teams are prepared to execute them.
- Business continuity plans: Comprehensive plans are in place to maintain essential operations during a disruption, including predefined workflows and prioritised resource allocation.
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO): We define clear targets to minimise downtime and data loss, providing a swift return to normal operations:
  - RTO: 12 hours
  - RPO: 24 hours
- Team readiness and training: Our teams are trained regularly in disaster recovery and crisis management to respond effectively to emergencies.
Through robust DR and BCM practices, we aim to provide uninterrupted services and safeguard your trust, even in challenging circumstances. These strategies are continually reviewed and updated to adapt to new risks and technologies.
At enmacc, we are dedicated to upholding the highest ethical standards in every aspect of our business. This commitment is deeply rooted in our core values and guides our actions as we strive to build trust with our employees, customers, partners, and society.
- Fostering a secure and respectful work environment: We prioritise the well-being of our employees by creating a safe, inclusive, and supportive workplace. We are committed to fair labour practices, equal opportunities, and fostering a culture of mutual respect and collaboration.
- Responsible resource management: We recognise our responsibility to use resources sustainably and efficiently. As part of our environmental commitment, we aim to minimise waste, reduce our carbon footprint, and integrate sustainability into our business practices.
- Careful selection of partners and service providers: To uphold our ethical principles, we work only with sub-processors and service providers who share our values. We conduct thorough due diligence to ensure that our partners operate responsibly, avoiding any association with child labour, corruption, or other unethical practices.
This ongoing commitment underscores our dedication to minimising risks, ensuring compliance with global standards, and fostering long-term trust among all stakeholders. Together, we strive to contribute positively to the environment, society, and the communities we serve.
Contact and further information
If you have any questions or concerns about our security practices, compliance, or data protection, our team is here to help.
Please reach out to us at security@enmacc.com or +49 89 215 41 500.
We are committed to providing clear and timely assistance to ensure your trust and confidence in our services.