Our Commitment to Security

SOC 2

ISO 27001

EU GDPR

We practice what we preach

At the core, Secureframe is a security company that makes your trust our #1 priority. 

Secureframe uses enterprise-grade security and regular audits to ensure you’re always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 and ISO 27001 compliant.

This commitment to security is ingrained in our culture. 

Application Security

Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.

Independent third-party penetration, threat, and vulnerability testing.

Secureframe is in full compliance with GDPR and has support for data deletion.

User access controls with single sign-on.

Secureframe’s cloud environments are backed by AWS’ security measures.

Role-based account access workflows.

Continuous Security Commitment

Penetration Testing

We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.

Security Awareness Training

Our team members are required to go through employee security awareness training covering industry-standard practices and information security topics such as phishing and password management.

Third-Party Audits

Our organization undergoes independent third-party assessments to test our security controls.

Roles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customers’ data are well defined and documented.

Information Security Program

We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by ISO 27001 and SOC 2.

Continuous Monitoring

We continuously monitor our security and compliance status to ensure there are no lapses.