Security, Privacy, and Compliance
Security Journey’s security and compliance principles guide how we secure our organization and software platform.
Security Journey successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Security Journey’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
Security Journey was audited by Prescient Assurance , a leader in security and compliance certifications for B2B and SaaS (Software as a Service) companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provide risk management and assurance services which includes but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc. For more information about Prescient Assurance, you may reach out them at firstname.lastname@example.org
An unqualified opinion on a SOC 2 Type II audit report demonstrates to Security Journey’s current and future customers that they manage their data with the highest standard of security and compliance.
Security Journey is committed to
securing our platform and organization.
All Security Journey personnel with access to sensitive information undergo screening prior to being engaged or employed in accordance with local laws and industry best practices.
We embed the culture of security into our business by conducting role-based security awareness and application security training.
Security Journey personnel follow role-based and organization-wide policies and processes.
Development efforts at Security Journey follow secure development lifecycle principles.
Development efforts and change management processes incorporate security requirements and reviews.
Security Journey deploys security testing and vulnerability management controls on our platform and codebase.
We conduct vulnerability scans regularly, with findings reviewed and tracked following documented vulnerability management and change management processes.
We engage with third-party penetration testing firms to ensure a comprehensive and real-world view of our platform from multiple perspectives.
We perform security testing on our codebase, including third-party code as part of our software development process.
Encryption and Data Protection
The Security Journey platform provides security and logical customer separation through secure architecture and design.
Appropriate security controls are implemented to logically separate customer data.
Customer data is secured using encryption technology. Data in-transit to and from the platform utilizes Transport Layer Security 1.2 or greater. Data at-rest is encrypted using industry standards (e.g., AES 256)
Access to our production environment and infrastructure is strictly controlled and monitored. Only personnel with role-based need are granted access following the principle of least privilege.