Transparency in data processing compliance for secure debt management solutions.
Information Security Program
We've established an Information Security Program that's effectively communicated across our entire company. Our Information Security Program adheres to the guidelines outlined in the SOC 2 Framework, a reputable information security audit process
Third-Party Penetration Testing
We conduct an external third-party penetration test on an annual basis to guarantee the integrity of our service's security stance.
Roles and Responsibilities
Our Information Security Program clearly outlines and documents roles and responsibilities concerning the safeguarding of customer data. Our team members are mandated to review and acknowledge all security policies.
Security Awareness Training
Our team members are obligated to undergo employee security awareness training that encompasses best practices in the industry and information security subjects, including but not limited to phishing and password management
All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
Using a third party background check companies, we perform a thorough background checks on all new team members in accordance with local laws
Cloud Infrastructure Security
We host all our services on Amazon Web Services (AWS), a provider known for its strong security program and numerous certifications. For further details on our provider's security procedures, please visit AWS Security.
Security of Data Hosting
Our data is exclusively hosted on databases provided by Amazon Web Services (AWS), and these databases are situated within the United States. For additional details, please refer to the vendor-specific documentation linked above.
Data Encryption at Rest
All of our databases are safeguarded with encryption while they're at rest.
Data Encryption in Transit
Our applications exclusively utilize TLS/SSL for encrypting data during transmission.
We conduct regular vulnerability assessments and continuously oversee potential threats.
Logging and Surveillance
We actively oversee and maintain logs for a variety of cloud services.
Continuity Planning and Disaster Recovery
We rely on the backup services provided by our data hosting partner to minimize the risk of data loss in the event of hardware failures. We employ monitoring services to promptly alert our team to any issues affecting users.
Response to Incidents
We've established a protocol for addressing security incidents, which encompasses escalation procedures, swift mitigation, and effective communication.
Permissions and User Verification
Access to our cloud infrastructure and other critical tools is restricted to authorized employees with a demonstrated need for such access based on their roles.
Where available, we employ Single Sign-on (SSO), 2-factor authentication (2FA), and stringent password policies to fortify the security of access to cloud services.
Principle of Least Privilege
We adhere to the least privilege principle concerning identity and access management.
Regular Access Audits
We conduct access audits of team members with access to sensitive systems on a quarterly basis.
All team members are obligated to meet specific minimum password criteria and complexity standards for access.
Password Management Tools
Each company-issued laptop incorporates a password management tool for team members to effectively manage passwords and uphold password complexity.