ThreatSwitch Security FAQ

This article outlines the secure measures we put in place to protect your data and PII information.

P
Written by Peter Akeley
Updated over a week ago

Introduction

Your organization has decided to use ThreatSwitch to help efficiently manage their Security Program. ThreatSwitch exists to help all parts of a company improve security by automating and streamlining high-volume manual tasks. Things like clearance requests, foreign travel, and visit requests now all live in one easy-to-use place.

Our team has exhaustive experience in the security space and we know the importance of your data. Security is a core piece of everything we do, so we created this document as a quick way to introduce you to the ways we keep your information safe.

What is ThreatSwitch?

ThreatSwitch is a security management software tool designed to automate and improve security compliance. Some of ThreatSwitch’s benefits include improved information sharing between the Security Team and cleared personnel, less time spent on manual paperwork, and easier completion of tasks assigned to you. Importantly for you as a cleared individual, using ThreatSwitch will dramatically reduce the time required for routine activities supporting security clearances and classified projects.

Where is my data stored?

ThreatSwitch’s application is operated via Amazon Web Services GovCloud, which is designed to meet strict compliance requirements for national security, government financial, and government-related protected health information. Because GovCloud is provisioned specifically for the type of data that ThreatSwitch stores, it follows extremely strict rules set by the government and security professionals to prevent external access to any servers. You can be confident that any information you store in ThreatSwitch is protected via state-of-the art security protocols.

How does ThreatSwitch protect my information?

Data security is accomplished via a combination of technical security measures and internal procedures. In terms of technical protection, beyond the security provided by AWS GovCloud, your ThreatSwitch data is encrypted in-transit and at-rest via HTTPS and AES256 respectively.

ThreatSwitch is annually audited as part of our SOC2 compliance to ensure that we execute the following policies and procedures to protect your data:

  • Employee background checks

  • Clean desk policy

  • Password policy

  • Incident Response Policy

  • Vendor management policy

  • Disaster recovery policy

  • Change management and version control policies

  • Logging and monitoring

  • Vulnerability scanning

  • Penetration testing

  • Risk monitoring and mitigation

Who can access my data?

At ThreatSwitch, we believe that sensitive customer data should stay that way. We employ strict controls preventing anyone, including our team, from accessing your information, and we never sell or share your information. Data stored and collected in ThreatSwitch can exclusively be viewed by you and your security team. For more information, please see our product privacy policy.

How is ThreatSwitch audited?

ThreatSwitch undergoes annual third party SOC2 security audits and penetration testing to guarantee that our services and commitments meet the most stringent security requirements.

Securing SOC 2 attestation enables a company to demonstrate to its customers the maturity of its information security program via an independent third party review. It also validates the measures taken to enable security, confidentiality, and availability of customer data.

As of March 17, 2020 ThreatSwitch is SOCII certified. Throughout 2020, ThreatSwitch will undergo additional Type 2 auditing.

If you have any questions or concerns regarding this information, feel free to reach out to our team using the chat feature in the lower right hand corner.

Did this answer your question?