Codat’s Security Compliance program is built and continually improved in line with industry-recognized and SOC2 TSP and ISO27001 standards. We undergo audits every year for both of these. If you’d like to see our latest SOC 2 Type II, just ask your Account Manager.
Application and data security
To defend against attacks, Codat has a Web Application Firewall in place.
Bug bounty and penetration testing
Codat conducts annual penetration testing and operates a managed private bug bounty program.
When your data is in storage, it is encrypted using Advanced Encryption Standards (AES-256). When on the move, your data is encrypted via industry best practices using Transport Layer Security (TLS 1.2).
Codat employees will not have access to your Codat Portal instance unless you explicitly grant permission. You will retain full control over user access at all times, including privileged administrative rights.
Shared responsibility model
Codat uses Microsoft Azure’s Platform as a Service (PaaS) offering to provide its products. This means that Azure is responsible for the patching and maintenance of the operating system, in addition to the physical data centers and network security.
Azure regularly undergoes independent verification of security, compliance, and privacy controls against both ISO27001 and SOC2 standards, as well as many more. More information on Azure’s security can be found here.
Anti-virus & malware protection
All Codat devices are fully covered by our endpoint detection and response system.
Mobile device management
Devices are fully managed, including patch management, security policies, and other best practices where applicable.
Codat’s onboarding process involves comprehensive interviewing of candidates, background screening, and a structured onboarding period. Exiting employees have their access to Codat systems terminated within one business day.
All Codat employees undergo security training when they start with us, and then at least annually thereafter. We also conduct regular in-house phishing campaigns and ad hoc training.
We encourage responsible disclosure
If you discover vulnerabilities in our web application, or in our APIs, we ask that you alert our team by completing the form below.