Security at Melhousen Solutions
We're a cybersecurity company. Our own security practices are held to the same standards we set for our clients.
How We Protect Our Systems and Your Data
Encryption in Transit & at Rest
All data transmitted to and from melhousensolutions.com is encrypted using TLS 1.2+. Sensitive data at rest is encrypted using AES-256 via Azure managed encryption keys.
Azure Infrastructure
Our website and products are deployed on Microsoft Azure — a FedRAMP-authorized, SOC 2 Type II, ISO 27001 certified cloud platform with global redundancy.
Content Security Policy
Our website enforces strict Content Security Policy headers to prevent XSS injection attacks and unauthorized resource loading.
Zero Standing Privileges
Administrative access to all production systems follows just-in-time, just-enough-access principles. No persistent privileged accounts exist in production environments.
Audit Logging
All administrative and authentication events are logged to tamper-resistant audit stores with retention periods meeting or exceeding industry compliance requirements.
Security Testing
We conduct periodic security assessments of our own systems — including the same ConsoleSentinel and manual penetration testing practices we apply for clients.
Found a Security Issue?
We take security reports seriously and commit to responding within 2 business days. If you have found a potential vulnerability in any Melhousen Solutions system or product, please report it responsibly.
Read Our Responsible Disclosure Policy →Security Contact
Report vulnerabilities and security concerns directly to our security team. We do not pursue legal action against researchers who follow responsible disclosure practices.
✉ security@melhousensolutions.comPGP key available on request. Response time: within 2 business days.