SOC 2 Type 2 Report - April 2026
No description available.
Our security, compliance, and policy documentation, including audit reports.
No description available.
No description available.
Describes how user access to systems and data is provisioned, reviewed, and revoked based on roles and business needs, following the principle of least privilege.
Describes how data is classified, handled, and protected throughout its lifecycle, ensuring compliance with legal and regulatory requirements.
Outlines how the organization detects, reports, investigates, and responds to security incidents to minimize impact and support recovery and compliance obligations.
Establishes the framework for managing and protecting sensitive information assets, ensuring confidentiality, integrity, and availability.
Defines the roles and responsibilities for information security within the organization, ensuring accountability and effective management of security risks.
Establishes a framework for managing risks to the organization's operations, assets, and individuals.
Establishes plans for maintaining operations during outages or crises, and outlines recovery procedures to restore systems and services with minimal disruption.
Provides guidance for identifying, classifying, and protecting company-owned assets, ensuring they are tracked, maintained, and security handled throughout their lifecycle.
Defines the security measures and protocols for monitoring, detecting, and responding to security incidents within the organization's IT environment.
Establishes guidelines for secure software development practices, including coding standards, code reviews, and security testing.
Establishes a framework for managing risks associated with third-party vendors, including risk assessment, due diligence, and ongoing monitoring.
This policy outlines the organization's commitment to protecting the privacy of personal information in accordance with applicable laws and regulations.