Security graphic

Security Statement

Cloud Security

We use AWS to host our cloud infrastructure and services. AWS is a best-in-class SOC 2 Type 2 certified cloud vendor. We leverage AWS services and follow both their best practices and the most strict industry security standards to achieve the most secure cloud infrastructure. A sampling of the cloud security practices we follow are as follows:

Segmented virtual private clouds (VPCs) for different environments to ensure data is isolated at the network level
Network segmentation and private subnets to ensure that no data is accessible directly from the public internet
Data encryption both in transit and at rest to ensure that sensitive information is never exposed whether it's in storage or while it's being transferred
Up-to-the minute data backups to ensure that data is never lost and can always be restored in the event of a disaster
Publicly facing applications and endpoints only expose the necessary ports for client access, and all communications occur over TLS 1.2 or above
Applications are configured to be highly available, redundant, scalable, and fault tolerant to ensure the highest possible system uptime

Application Security

Our team has extensive experience building secure applications across a variety of security standards, including PCI and PHI.
We regularly train our engineers on security best practices and actively code against common vulnerabilities, including but not limited to those included in the OWASP Top 10 list.
We follow a defense-in-depth approach, including but not limited to row level security (RLS), to segment client data in our multi-tenant architecture to ensure that each client’s data is isolated from other clients.
We follow best-in-class security practices around identity management, user access, clients passwords, login, logout, forgot password protocols, and other related access-based functionality.
We have a robust unit testing framework to ensure that functionality is automatically tested and retested with every change we make to the system.

General Security

We use strong password protocols both in terms of how we generate cryptographically strong passwords and how we store them; this applies to passwords for our team members as well as system passwords for our software.
Following industry best practices, we regularly rotate critical passwords to limit potential exposure vectors.
We follow the principle of least privilege across all aspects of our business, ensuring that team members only have access to the systems that they need and nothing more.
We maintain high physical security standards for laptops and our office space.

Copyright 2024. All rights reserved.

Home About Security

466 King Street, Suite 200

Charleston, SC 29403

sales@protrustee.com