EXtrance’s Organizational Security
- We have an Information Security Program in place that adheres to the SOC 2 Framework criteria and is communicated throughout the organization.
- Our security and compliance controls are independently assessed by third-party audits and penetration testing annually.
- Roles and responsibilities related to information security and customer data protection are well defined and documented.
- Our team members are required to undergo security awareness training and sign an industry-standard confidentiality agreement.
- Background checks are performed on all new team members as per local laws.
Cloud Security:
- All our services are hosted on [AWS | GCP | Azure] platforms that employ multiple certifications and robust security measures.
- Our data is hosted on [AWS | GCP | Azure] databases that are encrypted at rest and located in the United States.
- Our applications encrypt data in transit with TLS/SSL only.
- We actively perform vulnerability scanning and monitor cloud services for threats.
- We have a process for handling security events, including escalation procedures and rapid mitigation.
Access Security:
- Access to sensitive tools and cloud infrastructure is restricted to authorized employees only.
- We follow the principle of least privilege access control and conduct quarterly access reviews of all team members.
- We have strong password policies and require adherence to a minimum set of password requirements and complexity.
- We utilize password managers on company-issued laptops to maintain password complexity.
Vendor and Risk Management:
- We undergo risk assessments at least annually to identify potential threats, including fraud considerations.
- Vendor risk is evaluated, and appropriate vendor reviews are conducted before authorizing a new vendor.
If you have any security-related questions or concerns, or wish to report a potential security issue, please email security@extrance.org.