Organizational Security

EXtrance’s Organizational Security


  • We have an Information Security Program in place that adheres to the SOC 2 Framework criteria and is communicated throughout the organization.

  • Our security and compliance controls are independently assessed by third-party audits and penetration testing annually.

  • Roles and responsibilities related to information security and customer data protection are well defined and documented.

  • Our team members are required to undergo security awareness training and sign an industry-standard confidentiality agreement.

  • Background checks are performed on all new team members as per local laws.

Cloud Security:

  • All our services are hosted on [AWS | GCP | Azure] platforms that employ multiple certifications and robust security measures.

  • Our data is hosted on [AWS | GCP | Azure] databases that are encrypted at rest and located in the United States.

  • Our applications encrypt data in transit with TLS/SSL only.

  • We actively perform vulnerability scanning and monitor cloud services for threats.

  • We have a process for handling security events, including escalation procedures and rapid mitigation.

Access Security:

  • Access to sensitive tools and cloud infrastructure is restricted to authorized employees only.

  • We follow the principle of least privilege access control and conduct quarterly access reviews of all team members.

  • We have strong password policies and require adherence to a minimum set of password requirements and complexity.

  • We utilize password managers on company-issued laptops to maintain password complexity.

Vendor and Risk Management:

  • We undergo risk assessments at least annually to identify potential threats, including fraud considerations.

  • Vendor risk is evaluated, and appropriate vendor reviews are conducted before authorizing a new vendor.



If you have any security-related questions or concerns, or wish to report a potential security issue, please email security@extrance.org.