Your organization has decided to use ThreatSwitch to help efficiently manage their Security Program. ThreatSwitch exists to help all parts of a company improve security by automating and streamlining high-volume manual tasks. Things like clearance requests, foreign travel, and visit requests now all live in one easy-to-use place.
Our team has exhaustive experience in the security space and we know the importance of your data. Security is a core piece of everything we do, so we created this document as a quick way to introduce you to the ways we keep your information safe.
What is ThreatSwitch?
ThreatSwitch is a security management software tool designed to automate and improve security compliance. Some of ThreatSwitch’s benefits include improved information sharing between the Security Team and cleared personnel, less time spent on manual paperwork, and easier completion of tasks assigned to you. Importantly for you as a cleared individual, using ThreatSwitch will dramatically reduce the time required for routine activities supporting security clearances and classified projects.
Where is my data stored?
ThreatSwitch’s application is operated via Amazon Web Services GovCloud, which is designed to meet strict compliance requirements for national security, government financial, and government-related protected health information. Because GovCloud is provisioned specifically for the type of data that ThreatSwitch stores, it follows extremely strict rules set by the government and security professionals to prevent external access to any servers. You can be confident that any information you store in ThreatSwitch is protected via state-of-the art security protocols.
How does ThreatSwitch protect my information?
Data security is accomplished via a combination of technical security measures and internal procedures. In terms of technical protection, beyond the security provided by AWS GovCloud, your ThreatSwitch data is encrypted in-transit and at-rest via HTTPS and AES256 respectively.
ThreatSwitch is annually audited as part of our SOC2 compliance to ensure that we execute the following policies and procedures to protect your data:
Employee background checks
Clean desk policy
Incident Response Policy
Vendor management policy
Disaster recovery policy
Change management and version control policies
Logging and monitoring
Risk monitoring and mitigation
Who can access my data?
How is ThreatSwitch audited?
ThreatSwitch undergoes annual third party SOC2 security audits and penetration testing to guarantee that our services and commitments meet the most stringent security requirements.
Securing SOC 2 attestation enables a company to demonstrate to its customers the maturity of its information security program via an independent third party review. It also validates the measures taken to enable security, confidentiality, and availability of customer data.
As of March 17, 2020 ThreatSwitch is SOCII certified. Throughout 2020, ThreatSwitch will undergo additional Type 2 auditing.
If you have any questions or concerns regarding this information, feel free to reach out to our team using the chat feature in the lower right hand corner.