Security

We maintain compliance with AICPA SOC 2 Type 2 requirements and have done so since 2021.

We conduct regular internal audits to ensure adherence to security policies and procedures.

We collaborate with external auditors to validate ongoing compliance and maintain certification.

We maintain privacy compliance with GDPR and consumer data security and privacy laws passed by US States.

We implement encryption protocols to safeguard Personally Identifiable Information (PII) both in transit and at rest using 256-bit AES and TLS 1.2 encryption.

We implement and maintain strict access controls, multi-factor authentication (MFA), and role-based access to limit data exposure.

We regularly review and update data retention policies to ensure compliance and minimize data exposure.

We implement advanced threat detection tools and intrusion prevention systems to monitor network traffic for anomalies.

We conduct real-time analysis of logs and alerts to identify potential security incidents promptly.

We use a Security Operations Center and a Managed Detection and Response platform to monitor and respond to threats, 24 hours a day.

We perform thorough security assessments of third-party tools and services.

We ensure that all vendors adhere to industry best practices and maintain high security standards.

We regularly audit and monitor third-party access and interactions with sensitive data.

We review security processes for the secure software development life cycle (SDLC) to ensure that security is built into every stage of the development process.

We conduct regular code reviews, vulnerability assessments, and penetration testing to identify and remediate potential weaknesses.

We increase security visibility into engineering projects to identify security gaps and strengthen secure code hygiene.

We conduct regular cybersecurity training for all employees to educate them about the latest threats, best practices, and security policies.

We foster a culture of security awareness, encouraging employees to report suspicious activities promptly.

We implement regular phishing simulations to enhance employees’ ability to identify and respond to social engineering attacks.

We have developed and maintain a comprehensive incident response plan to address verified potential security breaches swiftly and effectively.

We conduct regular incident response drills and tabletop exercises to ensure readiness.

We are prepared to establish clear communication protocols with stakeholders and regulatory bodies in the event of any verified breach.

We implement a robust data backup and disaster recovery strategy to ensure business continuity in case of data loss or system failure.

We regularly test and update the disaster recovery plan to reflect changes in our organization’s infrastructure.

We hire security talent and establish clear roles and responsibilities within our organization’s cybersecurity team.

We develop and maintain an information security program that ensures accountability and oversight of security initiatives.

We deploy a fit for purpose security program. That means making sure our security program is aligned with our strategic mission.

We regularly review and update our cybersecurity strategy to adapt to evolving threats and technological advancements.

We encourage a culture of continuous improvement by soliciting feedback from all stakeholders and incorporating lessons learned from security incidents.

We ensure consistent and updated communication of security and compliance updates to all of our teams.

Our security assessment procedures are well documented. Updates are reviewed regularly and communicated to all of our teams.