Security & Infrastructure
At Silentium Capital, security is not a feature, but a foundation. Our infrastructure is built to military-grade information security standards.
01. Security philosophy
Our approach to information security is based on the principle that security is not a feature added after the fact, but a fundamental property integrated into every aspect of our operations. We employ a defense-in-depth strategy with multiple security layers, where no single component of our infrastructure is considered fully secure on its own.
02. Technical measures
Our technical security measures include: (a) Encryption: all data traffic is secured with TLS 1.3 or higher; stored data is encrypted with AES-256; (b) Access control: multi-factor authentication is mandatory for all administrative access; access is granted based on the need-to-know principle; (c) Network security: zero-trust architecture where every access request is verified; segregated network segments for different operations; (d) Monitoring: continuous monitoring of systems and network traffic for anomalous behavior; automated detection of potential threats.
03. Organizational measures
In addition to technical measures, we implement: (a) Security policy: documented procedures and guidelines for information security; (b) Access management: regular review of access rights; immediate revocation upon termination of employment; (c) Awareness: periodic awareness training for employees; (d) Vendor management: due diligence and contractual security requirements for suppliers; (e) Incident response: documented procedures for detecting, reporting and handling security incidents.
04. Data residency
Data is stored within data centers in the European Union that meet recognized security standards. Our infrastructure is managed by our technology division and selected partners who meet strict security requirements. We do not transfer data to jurisdictions outside the EEA without appropriate safeguards in accordance with GDPR.
05. Vulnerability disclosure
We encourage responsible disclosure of security vulnerabilities. If you discover a potential vulnerability in our systems, we request that you: (a) report the vulnerability via security@silentiumcapital.nl or our /.well-known/security.txt file; (b) do not exploit or disclose the vulnerability before we have had the opportunity to remediate it; (c) provide sufficient information to reproduce the vulnerability. We aim to acknowledge all reports within 5 business days and work towards a coordinated solution.
06. Security incidents
In the event of a security incident that may affect personal data: (a) we document the incident and the measures taken; (b) if required, we report the incident to the Dutch Data Protection Authority in accordance with Art. 33 GDPR (within 72 hours of discovery); (c) we inform affected individuals if the incident is likely to result in a high risk to their rights and freedoms (Art. 34 GDPR); (d) we evaluate the incident to prevent recurrence.
07. Continuous improvement
Information security is an ongoing process. We: (a) regularly evaluate the effectiveness of our security measures; (b) periodically conduct security audits and penetration tests; (c) monitor developments in the threat landscape; (d) adjust our security policy based on new insights and risks. This security policy is reviewed at least annually.
08. Contact
For questions about our security policy or to report a security incident: (a) Email: security@silentiumcapital.nl; (b) Security.txt: /.well-known/security.txt. For urgent security incidents, please indicate this clearly in the subject line.