Trust Center
Our security framework is designed to support a wide range of industry-standard controls to ensure robust protection of your data and infrastructure. We comply with established best practices and regulatory requirements.
Compliance
SOC 2 Type II
SOC 2 Type II is a rigorous auditing standard that evaluates an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy. Achieving SOC 2 Type II compliance demonstrates our commitment to maintaining a high level of data security and operational excellence.
ISO 27001
ISO 27001 is an internationally recognized standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring it remains secure. By adhering to ISO 27001, we ensure that our data protection measures are robust and comprehensive, safeguarding your information against potential threats.
Controls
Product Security | | Infrastructure Security | | Data Security | |
---|---|---|---|---|---|
Role-Based Access Control | ✅ | Physical Security | ✅ | Encryption at-rest | ✅ |
Single Sign-On (SSO) | ✅ | ZTNA / VPN | ✅ | Encryption in transit | ✅ |
Audit Logging | ✅ | Load Balancers | ✅ | Password Hashed (Argon2id) | ✅ |
Data Security | ✅ | TLS/SSL Support | ✅ | Data remains in your environment | ✅ |
OWASP Standard | ✅ | Least Privilege Principle | ✅ | | |

Application Security | | Privacy and Data Management | | Reports | |
---|---|---|---|---|---|
Secure SDLC | ✅ | Secure Data Storage | ✅ | Network Diagram | ✅ |
Code Reviews | ✅ | Data Handling | ✅ | Architecture Diagrams | ✅ |
Secret Detection | ✅ | Data Minimization | ✅ | Penfield App Architecture | ✅ |
Code Analysis | ✅ | Data Storage | ✅ | Pentest Report | ✅ |
Container Scanning | ✅ | Data at Termination | ✅ | | |
Dependency Scanning | ✅ | | | | |
Security Vulnerabilities | ✅ | | | | |

Access Control | | Corporate Security | | Security Grades | |
---|---|---|---|---|---|
Data Access | ✅ | Email Protection | ✅ | Qualys SSL Labs | ✅ |
Logging | ✅ | Employee Training | ✅ | | |
Password Security | ✅ | Incident Response | ✅ | | |
Monitoring and Logging | ✅ | Endpoint Security | ✅ | | |
Identity Management | ✅ | | | | |
MFA | ✅ | | | | |

Policies | | Legal & HR | | Support | |
---|---|---|---|---|---|
Acceptable Use Policy | ✅ | Privacy Policy | ✅ | Customer Support | ✅ |
Access Control Policy | ✅ | Background Check | ✅ | SLA | ✅ |
Information Security Policy | ✅ | | | | |