trust.audian.com
104.21.56.158  Public Scan

URL: https://trust.audian.com/
Submission: On November 15 via api from US — Scanned from CA

Form analysis 0 forms found in the DOM

Text Content

Audian | Trust Center


RESOURCES




SUBPROCESSORS




MONITORING

Continuously monitored by Secureframe


CHANGE MANAGEMENT

 * Production Data Use is Restricted
 * Configuration and Asset Management Policy
 * Change Management Policy



AVAILABILITY

 * Business Continuity and Disaster Recovery Policy
 * Uptime and Availability Monitoring


ORGANIZATIONAL MANAGEMENT

 * Code of Conduct
 * Background Checks
 * Performance Review Policy



CONFIDENTIALITY

 * Data Classification Policy
 * Data Retention and Disposal Policy
 * Access to Customer Data is Restricted


VULNERABILITY MANAGEMENT

 * Vulnerability and Patch Management Policy


INCIDENT RESPONSE

 * Incident Response Plan


RISK ASSESSMENT

 * Vendor Due Diligence Review
 * Vendor Risk Management Policy
 * Risk Assessment and Treatment Policy


NETWORK SECURITY

 * Network Security Policy


ACCESS SECURITY

 * Removal of Access
 * Access to Product is Restricted
 * Access Control and Termination Policy



PHYSICAL SECURITY

 * Physical Security Policy



COMPLIANCE



CHANGE MANAGEMENT

Production Data Use is Restricted
Production data is not used in the development and testing environments, unless
required for debugging customer issues.
Configuration and Asset Management Policy
A Configuration and Asset Management Policy governs configurations for new
sensitive systems.
Change Management Policy
A Change Management Policy governs the documenting, tracking, testing, and
approving of system, network, security, and infrastructure changes.
Secure Development Policy
A Secure Development Policy defines the requirements for secure software and
system development and maintenance.


AVAILABILITY

Business Continuity and Disaster Recovery Policy
A Business Continuity and Disaster Recovery Policy governs required processes for
restoring the service or supporting infrastructure after suffering a disaster or
disruption.
Uptime and Availability Monitoring
System tools monitor uptime and availability based on predetermined
criteria.


ORGANIZATIONAL MANAGEMENT

Code of Conduct
A Code of Conduct outlines ethical expectations, behavior standards, and
ramifications of noncompliance.
Background Checks
Background checks or their equivalent are performed before or promptly after a
new hire's start date, as permitted by local laws.
Performance Review Policy
A Performance Review Policy provides personnel context and transparency into
their performance and career development processes.
Disciplinary Action
Personnel who violate information security policies are subject to disciplinary
action and such disciplinary action is clearly documented in one or more
policies.
Independent Advisor
The board of directors or equivalent entity function includes senior management
and external advisors, who are independent from the company's operations. An
information security team has also been established to govern cybersecurity.
Internal Control Policy
An Internal Control Policy identifies how a system of controls should be
maintained to safeguard assets, promote operational efficiency, and encourage
adherence to prescribed managerial policies.
Acceptable Use Policy
An Acceptable Use Policy defines standards for appropriate and secure use of
company hardware and electronic systems including storage media, communication
tools and internet access.
Information Security Policy
An Information Security Policy establishes the security requirements for
maintaining the security, confidentiality, integrity, and availability of
applications, systems, infrastructure, and data.
Information Security Program Review
Management is responsible for the design, implementation, and management of the
organization’s security policies and procedures. The policies and procedures are
reviewed by management at least annually.
Roles and Responsibilities
Information security roles and responsibilities are outlined for personnel
responsible for the security, availability, and confidentiality of the system.


CONFIDENTIALITY

Data Classification Policy
A Data Classification Policy details the security and handling protocols for
sensitive data.
Data Retention and Disposal Policy
A Data Retention and Disposal Policy specifies how customer data is to be
retained and disposed of based on compliance requirements and contractual
obligations.
Access to Customer Data is Restricted
Access to, erasure of, or destruction of customer data is restricted to
personnel that need access based on the principle of least privilege.


VULNERABILITY MANAGEMENT

Vulnerability and Patch Management Policy
A Vulnerability Management and Patch Management Policy outlines the processes to
efficiently respond to identified vulnerabilities.


INCIDENT RESPONSE

Incident Response Plan
An Incident Response Plan outlines the process of identifying, prioritizing,
communicating, assigning and tracking confirmed incidents through to resolution.


RISK ASSESSMENT

Vendor Due Diligence Review
Vendor SOC 2 reports (or equivalent) are collected and reviewed on at least an
annual basis.
Vendor Risk Management Policy
A Vendor Risk Management Policy defines a framework for the onboarding and
management of the vendor relationship lifecycle.
Risk Assessment and Treatment Policy
A Risk Assessment and Treatment Policy governs the process for conducting risk
assessments to account for threats, vulnerabilities, likelihood, and impact with
respect to assets, team members, customers, vendors, suppliers, and partners.
Risk tolerance and strategies are also defined in the policy.


NETWORK SECURITY

Network Security Policy
A Network Security Policy identifies the requirements for protecting information
and systems within and across networks.


ACCESS SECURITY

Removal of Access
Upon termination or when internal personnel no longer require access, system
access is removed, as applicable.
Access to Product is Restricted
Non-console access to production infrastructure is restricted to users with a
unique SSH key or access key.
Access Control and Termination Policy
An Access Control and Termination Policy governs authentication and access to
applicable systems, data, and networks.
Unique Access IDs
Personnel are assigned unique IDs to access sensitive systems, networks, and
information.
Encryption and Key Management Policy
An Encryption and Key Management Policy supports the secure encryption and
decryption of app secrets, and governs the use of cryptographic controls.


PHYSICAL SECURITY

Physical Security Policy
A Physical Security Policy that details physical security requirements for the
company facilities is in place.


COMMUNICATIONS

Confidential Reporting Channel
A confidential reporting channel is made available to internal personnel and
external parties to report security and other identified concerns.
Privacy Policy
A Privacy Policy is made available to both external users and internal
personnel. This policy details the company's privacy commitments.