ISO/IEC 27034 Compliance Statement
Application Security Alignment for RELIANOID Load Balancer and Organizational Practices
At RELIANOID, security is engineered into every phase of our product and operations. We are aligned with the principles and processes of ISO/IEC 27034 (Application Security), integrating security requirements, validation, and governance across the full application lifecycle of the RELIANOID Load Balancer and our supporting services.
While RELIANOID is not certified under ISO/IEC 27034, our policies, controls, and technical measures are mapped to its Application Security Management Process (ASMP) to help customers in regulated sectors—including finance, healthcare, government, and enterprise—achieve secure-by-design deployments across on-premises and cloud environments.
Company & Organizational Context
- Legal Entities: RELIANOID LLC (New Mexico, USA) and RELIANOID SL (Spain, EU)
- Industries Served: Telco, Healthcare, Public Sector, and Finance, among others
- Key Markets: USA and Europe, with strong focus on regulatory compliance
- Governance: Security compliance is overseen by our CEO, CTO, and COO together with the compliance team to ensure robust organizational and product-level security
Scope of Alignment
Our alignment encompasses:
- Platform: RELIANOID Load Balancer (on-prem, private/public cloud, hybrid)
- Processes: Secure software development, testing, release, deployment, and support
- Organization: Security governance, risk management, third-party oversight, and incident response
Application Security Governance (ASMP)
We apply ISO/IEC 27034’s governance concepts to ensure consistent, auditable application security:
Policy & Risk Management
- Documented application security policies maintained in an internal wiki with automatic version control and reviewed after each release
- Security requirements tracked via issues in our Gitea platform, raised by clients, internal teams, or pre-sales requests
- Lifecycle risk assessments through functional, integration, and platform-level testing
Roles, Responsibilities & Shared Responsibility
- Defined ownership across product, engineering, security, and operations
- Clear shared responsibility guidance for customers in cloud and on-prem deployments
- Use of open source components, enabling public audits, code reviews, and improved supply chain security
Secure Development Lifecycle (SSDLC)
RELIANOID embeds security into design, build, and release:
- Secure design reviews, brainstorming, and threat modeling with focus on availability, scalability, and usability
- Automated SAST (perlcritic scripts integrated with CI/CD), DAST (online pentesting tools), and quarterly reports with improvements
- Dependency management via GPG official repositories to ensure software authenticity
- Compliance with OWASP ASVS and CERT secure coding standards
- Dedicated local, organizational, and preproduction environments separated from production
Security Functional Controls
The platform includes:
- Access control: RBAC, SSO, LDAP, and Active Directory integrations
- Authentication: MFA portals integrated with RADIUS, LDAP, AD, Google Captcha v2, and TOTP apps
- Cryptography: TLS v1.2 and v1.3, at-rest encryption, customer-managed keys, and strong SSL ciphers by default
- Auditability: Log retention for 7 days, multiple log levels, and SIEM integration
- Security modules (IPDS): Blacklists/Whitelists (preloaded, geolocated, and custom), DNS-BL (RBL), DDoS protection (rate limiting, SYN/RST/TCP filters), Web Application Firewall (OWASP CRS and custom rules)
- Configuration security: Secure defaults and least-privilege measures embedded by design
Application Security Verification & Testing
- Internal penetration tests conducted twice per quarter
- External assessments executed by independent testers under RELIANOID’s oversight
- Vulnerability remediation SLA: Critical < 24h, Medium < 7 days, Low < 30 days
- Currently aligning with ISO/IEC 27001, SOC 2, and other security standards
Operational Security & Monitoring
- Change and release management follows 3-month iteration cycles (Community and Enterprise Editions)
- Incident response via Customer Portal → Gitea escalation → hotfix deployment after QA validation
- Monitoring includes external vulnerability feeds, zero-day detection, and in-house infrastructure monitoring
- Secure provisioning and decommissioning with automated Ansible workflows
Lifecycle & Decommissioning
- Versioned releases with detailed release notes and migration guidance
- Patch advisories for security updates
- Automated secure key management and decommissioning
Customer Guidance for Regulated Environments
We support customers with:
- Deployment and security hardening guides for on-prem and cloud platforms
- Support for security questionnaires and attestations managed by our compliance team
- SLA-backed enterprise support with engineer escalation for urgent cases
Commitment to Continuous Improvement
RELIANOID continuously enhances application security through:
- Quarterly security training for developers and staff
- Planned annual roadmap for platform and infrastructure security enhancements
- Continuous quarterly security reports with improvements and new controls
- Progressive alignment with ISO/IEC 27001, 27017, 27018, and sector-specific frameworks
Document Reviews
| Date | Comment |
| --- | --- |
| 31st July 2025 | Document creation |
| 3rd September 2025 | Added company context, ASMP details, SSDLC practices, expanded security features, verification/testing, operational security, customer guidance, and continuous improvement |
Contact and Assurance
We welcome requests for detailed security documentation, risk mapping matrices, or compliance disclosures.