SOC 2 (Type I) as of June 2019
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
- 2FA: you can turn on 2-factor authentication (2FA)
- Granular permissions: within our app, restricted or permissive roles can be set for your teammates
- Password: we enforce a password complexity standard
- Uptime: we have an uptime of 99.9% or higher.
- Data hosting & storage: our hosting provider is AWS, in Ireland
- Failover: failover mechanisms are in place in case our main data center fails
- VPC: all our servers are within our own Virtual Private Cloud (VPC) with restricted and monitored access
- Backups: data are backed up on a daily basis in AWS data centers.
- Monitoring: application logs are produced, analysed and stored for archival purposes.
- Authentication & permissions: access to customer data is limited to authorized employees who require it for their job. We have Single Sign-On (SSO), 2-factor authentication (2FA) and strong password policies to ensure that access to cloud services is protected.
- Encryption: all data sent to or from Grytics is encrypted in transit using 256-bit encryption. Our application endpoints are TLS/SSL only and score an "A+" rating on Qualys SSL Labs' tests. All customer data is encrypted at rest.
- Vulnerability scanning : we use third party security tools to continuously scan for vulnerabilities. Once a year, we engage third-party security experts to perform detailed penetration tests on the application.
- Incident response: we have implemented a protocol for handling security events which includes escalation procedures, rapid mitigation and a post-mortem. All employees are informed of our policies.
- Training: all employees complete a Security and Awareness training annually; the IT team also attends further specialised training
- Employee vetting : Background checks are performed on new employees in accordance with the French law.
- Confidentiality : All employee contracts include a confidentiality agreement.
- Policies: a full set of security policies has been established. They are reviewed on a monthly basis, updated if necessary, and shared with all employees.
GDPR compliance is a requirement. In order to meet it, Grytics has put in place several measures, among them:
- Our Data Processing Agreement (DPA) sets out our privacy commitments and the terms under which Grytics and our customers meet GDPR requirements. It is available for customers to sign
- A Data Protection Officer has been appointed
- Third-party providers working with us that handle customer data have been cleared on GDPR-related subjects (AWS, Sparkpost)
- Strong Security measures alongside certifications have been put in place (see above)
Any questions?
If you want more information about our security policies and the processes in place, please contact us.
If you think you have found a breach, please contact the security team: security at grytics.com