Remote is SOC 2 Type 2 certified. As of July 2022, Remote is working towards certification for ISO 27001. Some of the security controls we’ve implemented to comply with SOC 2 include:
- Continuous credentials auditing and management.
- Physical access to our IT infrastructure is controlled and managed by AWS.
- Electronic access is protected by MFA. Intrusion prevention and detection systems.
- Enforce the usage of strong passwords.
- Follow the least privilege principle to limit systems’ access to essential personnel only.
- Conduct internal security and privacy training.
- Architecture network isolation through private networks.
- Data is encrypted at rest. Data is encrypted in transit (TLS > 1.2).
- Conduct regular vulnerability scanning.
- All internal tools and systems require SSO.
- Applicational logs are stored off site and kept for a limited period. Vendor assessments are conducted before being contracted and regularly assessed.
- We maintain different environments for testing and production purposes.
- Infrastructure-as-code allows for quick rebuilding and portability.
- Continuous monitoring of applications and infrastructure.
- Perform regular data backups.
- Regularly test our Incident Response
- Plan and our Business Continuity and Disaster Recovery plan.
Article is closed for comments.