
Security, Privacy, and Compliance

Security Journey’s security and compliance principles guide how we secure our organization and software platform. 

Security Journey successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Security Journey’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security. 

Security Journey was audited by Prescient Assurance, a leader in security and compliance certifications for B2B and SaaS (Software as a Service) companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada and provides risk management and assurance services, which include but are not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, and CSA STAR. For more information about Prescient Assurance, you may reach out to them at info@prescientassurance.com.

An unqualified opinion on a SOC 2 Type II audit report demonstrates to Security Journey’s current and future customers that Security Journey manages their data with the highest standard of security and compliance.

 

Security Journey is committed to securing our platform and organization.

Our external certifications provide independent assurance of Security Journey’s dedication to protecting our customers by regularly assessing and validating the protections and effective security practices Security Journey has in place.

Secure Personnel

Security Journey secures its data and that of its customers and ensures that only vetted personnel are given access to systems and resources. 

All Security Journey personnel with access to sensitive information undergo screening prior to being engaged or employed in accordance with local laws and industry best practices. 

We embed the culture of security into our business by conducting role-based security awareness and application security training.  

Security Journey personnel follow role-based and organization-wide policies and processes. 

Secure Development

Development efforts at Security Journey follow secure development lifecycle principles. 

Development efforts and change management processes incorporate security requirements and reviews. 

Secure Testing

Security Journey deploys security testing and vulnerability management controls on our platform and codebase.

We conduct vulnerability scans regularly, with findings reviewed and tracked following documented vulnerability management and change management processes.

We engage with third-party penetration testing firms to ensure a comprehensive and real-world view of our platform from multiple perspectives.

We perform security testing on our codebase, including third-party code, as part of our software development process.


Encryption and Data Protection

The Security Journey platform provides security and logical customer separation through secure architecture and design. 

Appropriate security controls are implemented to logically separate customer data.

Customer data is secured using encryption technology. Data in transit to and from the platform uses Transport Layer Security 1.2 or greater. Data at rest is encrypted using industry standards (e.g., AES 256).

Access to our production environment and infrastructure is strictly controlled and monitored. Only personnel with role-based need are granted access following the principle of least privilege. 

Customers and prospects can request access to the audit report.