Security

Compliance

SOC 2 (Type I) as of June 2019

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

Key features

Product security

  • 2FA: you can turn on 2-factor authentication (2FA)
  • Granular Permissions: within our app, restricted/permissive roles can be set for your teammates
  • Password: we enforce a password complexity standard
  • Uptime: we have an uptime of 99.9% or higher.

Application security

  • Data hosting & storage: AWS is our hosting service in Ireland
  • Failover: failover mechanisms are in place in case our main data center fails
  • VPC: all our servers are within our own Virtual Private Cloud with restricted and monitored access
  • Backups: Data is backed up on a daily basis with an AWS data center.
  • Monitoring: application logs are produced, analysed and stored for archival purposes.
  • Authentication & Permissions: Access to customer data is limited to authorized employees who require it for their job. We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to cloud services is protected.
  • Encryption: All data sent to or from Grytics is encrypted in transit using 256-bit encryption. Our application endpoints are TLS/SSL only and score an "A+" rating on Qualys SSL Labs' tests. All customer data is encrypted at rest.
  • Vulnerability scanning: we use third-party security tools to continuously scan for vulnerabilities. Once a year, we engage third-party security experts to perform detailed penetration tests on the application.
  • Incident response: we have implemented a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Company security

  • Training: all employees complete a Security and Awareness training annually; the IT team follows other specialised trainings
  • Employee vetting: Background checks are performed on new employees in accordance with French law.
  • Confidentiality: All employee contracts include a confidentiality agreement.
  • Policies: A full set of security policies has been established. They are updated on a monthly basis (if necessary) and are shared with all employees.

GDPR

GDPR compliance is a requirement. To meet it, Grytics has put in place several measures, among them:

  • Terms of Service and the cookie policy are in compliance
  • Our Data Processing Agreement (DPA) shares our privacy commitments and sets out the terms for Grytics and our customers to meet GDPR requirements. It is available for customers to sign
  • A Data Protection Officer has been appointed
  • Third-party providers that work with us and handle customer data have been cleared on GDPR-related subjects (AWS, Sparkpost)
  • Strong security measures alongside certifications have been put in place (see above)

Any questions?

If you want more information about our security policies and processes in place, please contact us

If you think you have found a breach, please contact the security team: security at grytics.com