Security

Security Practices

How SynoCores protects client environments, handles data, and manages access throughout every engagement.

Our Security Commitment

We are an IT security company. Security is not a box we check — it is how we operate. Every engagement is governed by strict access controls, documented change management, and clear scope boundaries. Our clients trust us with their most sensitive systems, and we take that seriously.

Client Environment Access

We work inside client-approved environments using delegated, least-privilege access. For Microsoft 365 and Azure, we support Azure Lighthouse and GDAP (Granular Delegated Admin Privileges) — structured, auditable, time-bound access that you can revoke at any time.

  • No permanent global admin access requested
  • Azure Lighthouse for multi-tenant Azure management
  • GDAP for Microsoft 365 and Entra ID work
  • All access grants and revocations documented

Credential & Secret Handling

We never store client credentials in plain text or share them through unsecured channels. Temporary credentials used during engagements are rotated or revoked at project close.

  • Credentials transmitted only via encrypted channels
  • Service accounts created with minimum required permissions
  • Credentials revoked or transferred at engagement end
  • No use of personal accounts for client work

Change Management

All changes to production environments are documented, reviewed, and approved before execution. We maintain change logs for every engagement.

  • Written change requests before production changes
  • Pre-change testing and validation
  • Rollback plans for significant changes
  • Change logs available to clients on request

Staff and Contractor Vetting

Our consultants and contractors undergo background checks for client engagements where required. We manage access provisioning and de-provisioning for all personnel.

  • Background checks per client requirements
  • Access provisioned only for assigned scope
  • Access revoked immediately at engagement end
  • NDAs executed before project start

Data Handling

Client data encountered during engagements is accessed only as required for the agreed scope. We do not copy or retain client data after engagement close unless specifically required for documentation.

  • Data accessed only as required by SOW scope
  • No retention of client data post-engagement beyond what the agreed deliverables require
  • Encrypted data in transit (TLS 1.2+)
  • Sensitive data handled per client data classification

Incident Response

In the unlikely event of a security incident affecting client systems or our own, we have a documented incident response process. We notify affected clients promptly and cooperate fully with any investigation.

  • Prompt client notification of security incidents
  • Documented incident response procedures
  • Cooperation with client incident response teams
  • Post-incident documentation and lessons learned

Security Frameworks We Follow

Our security practices align with industry-recognized frameworks. We follow these frameworks — they do not represent formal certifications held by SynoCores.

NIST Cybersecurity Framework

Our security approach aligns with NIST CSF Identify, Protect, Detect, Respond, and Recover functions.

Microsoft Zero Trust

We apply Zero Trust principles (verify explicitly, use least privilege, assume breach) in client environments.

Microsoft Cloud Security Benchmark

Our Azure work follows Microsoft Cloud Security Benchmark (MCSB) guidance, the successor to the Azure Security Benchmark.

CIS Controls

We reference CIS Critical Security Controls for endpoint security and vulnerability management engagements.

A Note on Client Tenant Work

For organizations using Microsoft Azure and Microsoft 365, our preferred access model is documented and structured:

Azure: Azure Lighthouse

Allows us to manage Azure resources across customer tenants using our own identities, with only the Azure RBAC roles you approve in the delegation, full visibility in your Azure Activity Log, and delegation you can revoke from your side at any time. No shared credentials and no guest accounts in your tenant are involved.

Microsoft 365: GDAP

Granular Delegated Admin Privileges provides time-bound, role-specific access to Microsoft 365 services. It replaces legacy Delegated Admin Privileges (DAP), which gave a partner standing Global Administrator rights; GDAP grants only the Entra ID roles named in the relationship, for a fixed term, and you can terminate the relationship at any time.
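Because both access models described above are controlled from the client's side, a client can verify and, if needed, revoke them without our involvement. The script below is an added example for Azure Lighthouse (it is not SynoCores tooling or code from this page): run in your own subscription with your own credentials, it lists every delegation, shows which provider tenant and roles each one carries, flags any delegation from a tenant you did not approve, and shows how revocation works. It assumes the Az.Accounts, Az.ManagedServices and Az.Monitor PowerShell modules are installed; the subscription ID and expected tenant ID are placeholders, and the property names used are those of Az.ManagedServices 3.x, which you should confirm against your installed version.

```powershell
# Added example, not SynoCores' own tooling: client-side audit of Azure Lighthouse
# delegations on one subscription. Run as a user in YOUR tenant with rights to read
# the subscription. Property names assume Az.ManagedServices 3.x.
Import-Module Az.Accounts
Import-Module Az.ManagedServices
Import-Module Az.Monitor

# Placeholders (assumed values, not real identifiers): replace with your own.
$SubscriptionId = '00000000-0000-0000-0000-000000000000'
$ExpectedTenant = '11111111-1111-1111-1111-111111111111'   # provider tenant you approved

Connect-AzAccount | Out-Null
Set-AzContext -Subscription $SubscriptionId | Out-Null
$scope = "/subscriptions/$SubscriptionId"

# 1. Every registration definition on this scope names the managing tenant and the
#    exact principal-to-role grants. This is the complete list of what a provider can do.
$definitions = Get-AzManagedServicesDefinition -Scope $scope
foreach ($def in $definitions) {
    Write-Host "Definition '$($def.DisplayName)' managed by tenant $($def.ManagedByTenantId)"
    foreach ($auth in $def.Authorization) {
        # RoleDefinitionId is the built-in Azure RBAC role GUID (e.g. Reader, Contributor).
        Write-Host ("  principal {0} ({1}) -> role {2}" -f
            $auth.PrincipalIdDisplayName, $auth.PrincipalId, $auth.RoleDefinitionId)
    }
}

# 2. Anything not from the tenant you approved is a finding, not a convenience.
$unexpected = $definitions | Where-Object { $_.ManagedByTenantId -ne $ExpectedTenant }
if ($unexpected) {
    Write-Warning ("Delegations from unexpected tenants: " + ($unexpected.ManagedByTenantId -join ', '))
}

# 3. Revocation is one call on your side; the provider cannot prevent it.
#    The removal below is commented out so the script is read-only by default.
$assignments = Get-AzManagedServicesAssignment -Scope $scope
foreach ($a in $assignments) {
    $def = $definitions | Where-Object { $_.Id -eq $a.RegistrationDefinitionId }
    if ($def -and $def.ManagedByTenantId -ne $ExpectedTenant) {
        Write-Warning "Would revoke assignment $($a.Name) (definition '$($def.DisplayName)')"
        # Remove-AzManagedServicesAssignment -Name $a.Name -Scope $scope
    }
}

# 4. Actions taken through the delegation land in your Activity Log like any other
#    operation; the Caller is the provider user's identity, so you can review what was
#    done after the fact (here: the last seven days of writes on the subscription).
Get-AzActivityLog -StartTime (Get-Date).AddDays(-7) |
    Select-Object EventTimestamp, Caller, OperationName, ResourceId |
    Sort-Object EventTimestamp -Descending |
    Format-Table -AutoSize
```

Run this before an engagement starts (to confirm the delegation matches the scope in the SOW) and again at close (to confirm it is gone). The GDAP equivalent for Microsoft 365 is visible to the client under Partner relationships in the Microsoft 365 admin center, where a relationship can be terminated the same way.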

“SynoCores works within client-approved environments using secure delegated access, least-privilege permissions, SOW-based scope control, and documented change management.”

Security Questions or Concerns?

If you have a security concern about our practices, or need to report a potential vulnerability, please contact our security team directly.