
Commitment to Security

Organizational Security

  • Information Security Program. We have an Information Security Program in place that is communicated throughout the organization. Our Information Security Program follows the criteria set forth by the SOC 2 Framework. SOC 2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
  • Third-Party Audits. Our organization undergoes independent third-party assessments to test our security and compliance controls.
  • Third-Party Penetration Testing. We perform independent third-party penetration testing at least annually to ensure that the security posture of our services is uncompromised.
  • Roles and Responsibilities. Roles and responsibilities related to our Information Security Program and the protection of our customers’ data are well-defined and documented. Our team members are required to review and accept all security policies.
  • Security Awareness Training. Our team members are required to go through employee security awareness training covering industry-standard practices and information security topics such as phishing and password management.
  • Background Checks. We perform background checks on all new team members in accordance with local laws.

Cloud Security

  • Cloud Infrastructure Security. All our services are hosted with Microsoft Azure. They employ a robust security program with multiple certifications. For more information on our provider’s security processes, please visit https://azure.microsoft.com/en-gb/explore/trusted-cloud/.
  • Data Hosting Security. All our data is hosted on Microsoft Azure databases. These databases are all located in the United States. Please reference the vendor-specific documentation linked above for more information.
  • Encryption at Rest. All databases are encrypted at rest.
  • Encryption in Transit. Our applications encrypt in transit with TLS/SSL only.
  • Vulnerability Scanning. We perform vulnerability scanning and actively monitor for threats.
  • Logging and Monitoring. We actively monitor and log various cloud services.
  • Business Continuity and Disaster Recovery. We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
  • Incident Response. We have a process for handling information security events which includes escalation procedures, rapid mitigation, and communication.

Access Security

  • Permissions and Authentication. Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their roles. Where available, we have Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies to ensure access to cloud services is protected.
  • Least Privilege Access Control. We follow the principle of least privilege with respect to identity and access management.
  • Password Requirements. All team members are required to adhere to a minimum set of password requirements and complexity for access.

Vendor Risk Management

Vendor Risk Management. Vendor risk is determined, and the appropriate vendor reviews are performed prior to authorizing a new vendor.

Contact Us

If you have any questions, comments or concerns or if you wish to report a potential security issue, please get in touch with [email protected]