Third Party Validation
Vendor management and due diligence are best practices for all organizations, particularly financial firms and other highly regulated organizations. To assist customers with this process, we engage third-party auditors to conduct regular testing on our services, internal controls, and data centers. We make the resulting reports available to customers on request.
SOC 2
SOC 2 audits test and report on the design and operating effectiveness of non-financial internal controls at cloud vendors. These audits are based on Trust Service Principles that cover policies, communications, procedures, and monitoring.
ISO 27001
ISO 27001 is an internationally recognized, standards-based approach to security. It outlines requirements for a company’s Information Security Management System (ISMS).
Consensus Assessment Initiative Questionnaire
The Consensus Assessment Initiative Questionnaire (CAIQ) is a compilation of questions that correspond to the controls of the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), a cybersecurity controls framework for cloud computing. It offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. The CAIQ is issued by the CSA, a global organization dedicated to defining best practices to help ensure a secure cloud computing environment.
Independent Penetration Testing
An independent auditor completes periodic security penetration testing (“ethical hacking”) with respect to our key internet-facing systems and applications, and provides us with formal reports of the penetration test results. This testing simulates access attempts by unauthenticated individuals to identify, validate, and attempt to exploit vulnerabilities that might be used by attack agents (e.g. malicious persons on the internet and cyber criminal organizations).