ThreatKey's Auditing and Assessment
We regularly submit to inspections conducted by our independent auditor. Annually, they conduct an internal "Service Organization Control" Report ("SOC") to assess our internal systems and procedures.
ThreatKey employs multiple layers of protection to secure your data. We implement strict access controls and authentication mechanisms to ensure that only authorized personnel can access sensitive information. Our databases are regularly backed up to prevent data loss and enable fast recovery in the event of any unforeseen incidents.
Regular Audits and Testing
To maintain the highest level of security, we conduct regular security audits and penetration tests. These assessments help us identify vulnerabilities and weaknesses in our systems, which we promptly address to mitigate any potential risks. By staying vigilant and proactive, we continuously enhance the security of our platform.
Employee Access and Training
Our employees undergo a rigorous screening process and are bound by strict confidentiality agreements. Access to customer data is limited to authorized personnel on a need-to-know basis. We also provide comprehensive training to our employees to ensure they are well-versed in security best practices and understand the importance of protecting customer data. All ThreatKey employees undergo stringent background checks before employment. ThreatKey staff accounts are secured by two-factor authentication, which they cannot disable. Staff computers are enabled with full disk encryption and all email accounts are secured with two-factor authentication.
In the event of a security incident, ThreatKey has a well-defined incident response plan in place. Our dedicated security team promptly investigates any potential breaches or unauthorized activities and takes appropriate action to contain and mitigate the impact. We follow industry-standard protocols to communicate with affected customers and provide necessary support and guidance.
As a ThreatKey user, you are in charge of your account's login and authentication. Within your company, you have the flexibility to permit any number of other users to view your information, with a detailed set of permissions. You are not required to disclose your account information to share your security dashboard- just invite others with limited access rights, which you can withdraw whenever you choose.
All account activities are tracked and logged onto a distinct logging platform.
ThreatKey respects the "do not track" preference in certain browsers. Users who choose "do not track" will not be subject to the analytics tracking performed by ThreatKey.
ThreatKey has a business continuity plan included in our SOC 2 Type 2 report.
Technical and Data Security
ThreatKey ensures bank-grade digital security, featuring 256-bit SSL encryption (A+ rated by Qualys SSL Labs). This includes OCSP stapling and HTTP strict transport security. We rely on Amazon Web Services (AWS) for our servers and data hosting. AWS is compliant with a number of certificates for their data centers, including full SSAE 16 (SOC 1, SOC 2, and SOC 3). Our servers are hosted in a virtual private cloud within US data centers. Access to our production environment is limited to select ThreatKey engineers. All direct access to our production systems is protected by public key encryption and two-factor authentication.
ThreatKey prioritizes code security as a crucial aspect of its development process. To ensure the highest level of code security, we employ a range of robust practices and tools, including the use of static analysis.
Our infrastructure is built on a foundation of robust security controls. We utilize industry-leading cloud service providers and maintain a highly secure environment for our systems. Our infrastructure is designed with redundancy, scalability, and fault tolerance in mind, to ensure high availability and resilience.
Third Party Validation
We employ a vulnerability disclosure program to promote the disclosure of security vulnerabilities. We invite top security researchers ("white hats") to probe ThreatKey's platform in a sandbox environment responsibly.
ThreatKey Software Updates
We constantly strive to enhance all aspects of our software, with updates released daily. All changes are reviewed by other software engineers prior to release.
ThreatKey prioritizes accessibility for customer support. Support is available through the ThreatKey Help Center from Monday to Friday between 5:30 am and 8:30pm Pacific Time. Enterprise support is available 24x7.
If you suspect a vulnerability in ThreatKey or are a security researcher in this field, we encourage you to reach out to us at firstname.lastname@example.org. Please provide as much detail as possible, including steps to reproduce or proof. We're always eager to incorporate talented researchers into our vulnerability disclosure program.
Your Trust is Paramount
At ThreatKey, we understand that our customers place their trust in us to protect their valuable information. We are dedicated to upholding that trust by implementing rigorous security measures and continuously improving our practices. If you have any security-related questions or concerns, please don't hesitate to contact our security team at email@example.com.