Organizational Security

EXtrance’s Organizational Security

  • We have an Information Security Program in place that adheres to the SOC 2 Framework criteria and is communicated throughout the organization.
  • Our security and compliance controls are independently assessed each year through third-party audits and penetration testing.
  • Roles and responsibilities related to information security and customer data protection are well defined and documented.
  • Our team members are required to undergo security awareness training and sign an industry-standard confidentiality agreement.
  • Background checks are performed on all new team members in accordance with local laws.

Cloud Security:

  • All our services are hosted on [AWS | GCP | Azure] platforms that employ multiple certifications and robust security measures.
  • Our data is hosted on [AWS | GCP | Azure] databases that are encrypted at rest and located in the United States.
  • Our applications transmit data only over connections encrypted with TLS/SSL.
  • We actively perform vulnerability scanning and monitor cloud services for threats.
  • We have a process for handling security events, including escalation procedures and rapid mitigation.

Access Security:

  • Access to sensitive tools and cloud infrastructure is restricted to authorized employees only.
  • We follow the principle of least privilege access control and conduct quarterly access reviews of all team members.
  • We have strong password policies and require adherence to a minimum set of password requirements and complexity.
  • We utilize password managers on company-issued laptops to maintain password complexity.

Vendor and Risk Management:

  • We undergo risk assessments at least annually to identify potential threats, including fraud considerations.
  • Vendor risk is evaluated, and appropriate vendor reviews are conducted before authorizing a new vendor.

If you have any security-related questions, concerns, or wish to report a potential security issue, please email security@extrance.org.