Security
Security Program and Risk Management
色盒直播 has established a comprehensive security program based on AICPA Trust Services Criteria (TSC) 2017 for security, confidentiality, availability, processing integrity, and privacy.
色盒直播 performs an annual risk assessment to accurately and comprehensively identify, review, and remediate risks and vulnerabilities that may impact the platform's commitment to security, confidentiality, availability, processing integrity, and privacy.
Compliance
The 色盒直播 platform is SOC 2 Type 2 compliant against security, confidentiality, availability, processing integrity, and privacy.
For a copy of the SOC 2 Type 2 report, please submit a request to and inform your account manager.
Data encryption in-transit and at-rest
色盒直播 enforces TLS 1.2 and above for data in transit between its users and the platform.
色盒直播 production data is encrypted at rest using AES-256 encryption.
SAML 2.0 SSO
色盒直播 supports the industry standard SAML 2.0 protocol for authentication using an external identity provider.
Confidentiality and Monitoring
色盒直播 enforces the principle of least privilege and limits access to data to a need-to-know and need-to-operate basis.
色盒直播 has established extensive audit and monitoring controls to help ensure auditability of access functions performed internally and externally.
The 色盒直播 platform enforces granular role-based access control for its users.
Network Protections
色盒直播 has implemented private networking, firewalls, and segmentation controls through its suppliers to ensure alignment with best practices on its network infrastructure.
Penetration Testing
色盒直播 performs targeted and general penetration testing on its platform on at least an annual basis.
Vulnerability Management
色盒直播 performs real-time static code analysis for core application code as part of the deployment process.
色盒直播 performs container vulnerability scanning as part of its deployment process.
色盒直播 has established a vulnerability management process that addresses risks within the following target SLAs:
Zero Day / Critical: 7 days
High: 30 days
Medium: 90 days
Low/Info: 180 days+ (dependent on overall risk assessment)
Supplier Risk Management
色盒直播 has implemented comprehensive supplier risk management policies and procedures to ensure protection of assets and data that are accessible by its suppliers and to establish standards for information security, privacy, and service delivery from its suppliers.
Human Resources Security
色盒直播 conducts background checks for all applicants selected for full-time employment.
色盒直播 employees and related entities are subject to continuous security awareness training with a minimum annual cadence.
Business Continuity and Availability
色盒直播 has documented and implemented a business continuity and disaster recovery plan that may be activated in case of defined disruptions.
色盒直播 enforces automated daily backups for its databases across multiple zones.
色盒直播 tests its business continuity and disaster recovery scenarios at least annually.
Reliability and Capacity Monitoring
色盒直播 has a comprehensive monitoring system that helps to ensure the reliability of the platform and its related components.
Bug Bounty and Vulnerability Reports
色盒直播 does not currently have a formal bug bounty program, but we encourage all researchers to submit identified vulnerabilities with a summary and a proof of concept (POC) to security@partnerstack.com, and our team will respond as soon as possible.