Compliance
2Independently audited and continuously evidenced against the standards our customers rely on.
ISO 27001
ISO/IEC 27001:2022
- Valid through
- Jun 26, 2027
SOC 2
AICPA Trust Service Principles Service Organization Controls (SOC)
- Valid through
- Jun 26, 2027
Controls
135The safeguards we operate across our organization, technology, people, and facilities.
Inventory Management
Asset ManagementOrganization maintains an inventory of information systems, which is reconciled on a periodic basis.
Inventory Management: Applications
Asset ManagementOrganization maintains an inventory of application assets, which is reconciled on a periodic basis.
Inventory Labels
Asset ManagementOrganization assets are labeled and have designated owners.
Media Marking
Asset ManagementWhere applicable, Organization marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information. Exemptions must be approved by management and remain in a specific controlled area.
Asset Transportation Authorization
Asset ManagementOrganization authorizes and records the entry and exit of systems at datacenter locations.
Maintenance of Assets
Asset ManagementEquipment maintenance is documented and approved according to management requirements.
Business Continuity Plan
Business ContinuityOrganization's business contingency plan is periodically reviewed, approved by management and communicated to relevant team members.
Continuity Testing
Business ContinuityOrganization performs business contingency and disaster recovery tests on a periodic basis and ensures the following: • tests are executed with relevant contingency teams • test results are documented • corrective actions are taken for exceptions noted • plans are updated based on results
Resources
27Policies, documentation, and reports that govern how we protect customer data.
Code of Business Conduct
Version 2026.3 · Reviewed Jun 25, 2026 · yearly
Customer Service Agreement Security Addendum
Version 2026.2 · Reviewed May 5, 2026 · yearly
Security Compliance Reporting Procedure
Version 2026.2 · Reviewed May 17, 2026 · yearly
System Description
Version 2026.4 · Reviewed May 5, 2026 · yearly
Control Environment & Governance
Version 2026.4 · Reviewed May 5, 2026 · yearly
Asset Management & Data Classification Policy
Version 2026.5 · Reviewed Jun 25, 2026 · yearly
Change Management Policy
Version 2026.5 · Reviewed Jun 25, 2026 · yearly
Third-Party Risk & Vendor Management Policy
Version 2026.4 · Reviewed May 5, 2026 · yearly
Subprocessors
235Third-party providers that process customer data on our behalf, and where they operate.
WorkOS
Software as a ServiceOAuth app authorized by users
edclub
Software as a ServiceOAuth app authorized by users
User Interviews
Software as a ServiceOAuth app authorized by users
Meet for Workspace Studio
Software as a ServiceOAuth app authorized by users
doris
Software as a ServiceOAuth app authorized by users
ITVX
Software as a ServiceOAuth app authorized by users
coldcake
Software as a ServiceOAuth app authorized by users
Granted
Software as a ServiceOAuth app authorized by users
Questions about our security?
We're glad to help your security and procurement teams move quickly.