EXtrance’s Organizational Security
We have an Information Security Program in place that adheres to the SOC 2 Framework criteria and is communicated throughout the organization.
Our security and compliance controls are independently assessed by third-party audits and penetration testing annually.
Roles and responsibilities related to information security and customer data protection are well defined and documented.
Our team members are required to undergo security awareness training and sign an industry-standard confidentiality agreement.
Background checks are performed on all new team members in accordance with local laws.
Cloud Security:
All our services are hosted on [AWS | GCP | Azure] platforms that hold multiple certifications and employ robust security measures.
Our data is hosted on [AWS | GCP | Azure] databases that are encrypted at rest and located in the United States.
Our applications encrypt data in transit with TLS/SSL only.
We actively perform vulnerability scanning and monitor cloud services for threats.
We have a process for handling security events, including escalation procedures and rapid mitigation.
Access Security:
Access to sensitive tools and cloud infrastructure is restricted to authorized employees only.
We follow the principle of least privilege access control and conduct quarterly access reviews of all team members.
We have strong password policies and require adherence to a minimum set of password requirements and complexity.
We utilize password managers on company-issued laptops to maintain password complexity.
Vendor and Risk Management:
We undergo risk assessments at least annually to identify potential threats, including fraud considerations.
Vendor risk is evaluated, and appropriate vendor reviews are conducted before authorizing a new vendor.
If you have any security-related questions or concerns, or wish to report a potential security issue, please email security@extrance.org.