Our security measures are designed to encompass the entire spectrum of data protection. We utilize these security protocols to detect, prevent, and respond promptly to any potential threats or vulnerabilities that may arise. Whether it's proactively identifying emerging risks, implementing preventive measures to mitigate those risks, or reacting swiftly and effectively when incidents occur, our approach to security is comprehensive and dynamic. We understand the importance of not only identifying security issues but also taking swift action to maintain the integrity and confidentiality of your data and information.
The controls listed below are consistently implemented and subjected to regular internal evaluations, as well as assessments conducted by the SOC 2 auditor. These measures are enforced to obtain reasonable assurance that we maintain the necessary safeguards to secure both our assets and those of our customers.
Data at rest and in transit is encrypted. This includes the use of SSL/TLS for data in transit and encryption of data stored in databases.
Role-based access control (RBAC) ensures that only authorized users can access specific resources within the application.
Robust authentication mechanisms are critical. These include identity providers, single sign-on (SSO), multi-factor authentication (MFA), and the ability to integrate with existing identity systems.
Detailed audit logs are generated to record user activities and system events. These logs are useful for both security monitoring and compliance purposes. Metrics are produced for system health checks.
Firewalls and network security groups are implemented to control incoming and outgoing traffic. This helps prevent unauthorized access to applications and data.
The application is continuously monitored for performance impacts and security threats, and a well-defined incident response plan is in place in case of a security breach.
Regular data backups and disaster recovery plans ensure business continuity in case of data loss or system failures.
We regularly scan for vulnerabilities and apply software updates to keep the system secure and up to date.
We have a plan in place to ensure that the service remains available even in the face of unexpected disruptions.
We comply with relevant industry standards and regulations (e.g., GDPR, SOC 2).
Data belonging to different customers are logically separated to prevent data leakage.
Secure coding practices are followed during the development of the SaaS application to prevent common vulnerabilities.
Periodic security audits and penetration testing are conducted to identify and rectify vulnerabilities.
We implement privacy controls to protect sensitive user data and comply with data protection regulations.
45 Prospect Street | Cambridge, MA 02139
2024 © GivingData LLC All Rights Reserved