CollateralEdge maintains a SOC 2 Type 2 certification for the AICPA Security Trust Criteria. The company maintains a robust system of internal controls supported by a sound information security program to protect internal systems and sensitive data. CollateralEdge undergoes periodic audits of its SOC 2 program.
CollateralEdge follows the principle of least privilege, granting employees and contractors only the access needed for their roles. Role-based access controls, strong passwords, and MFA secure critical IT systems, with regular access reviews and formal onboarding, offboarding, and role change procedures in place.
Sensitive data is secured by encryption in transit and at rest using industry-standard encryption practices. This means data is encrypted both while it is stored on IT systems and while it is transferred from one system to another.
CollateralEdge applications and supporting infrastructure are hosted in AWS datacenters and protected by AWS’s physical and environmental security controls. Amazon ensures physical access is restricted to authorized personnel and that required redundancies are in place.
CollateralEdge performs regular penetration testing as part of its Information Security and SOC 2 Compliance programs to improve security posture and remove any vulnerabilities open to attacks or hacking. All vulnerabilities are tracked, appropriately patched and tested.
The CollateralEdge platform was developed using industry best practices for data security, data storage and load balancing. CollateralEdge leverages AWS best practices and tools to deploy, manage, and monitor its AWS resources.