Security

Compliance

SOC 2 Type 1

Governance

Agentio's Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

‍

Our Policies are based on the following foundational principles:

Access should be limited to only those with a legitimate buisness need and granted based ont he principle of least privilege.
Security controls should be implemented and layered according to the principle of defense-in-depth.
Security controls should be applied consistently across all areas of the enterprise.
The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Data Protection

Data at rest: All datastores with customer data are encrypted at rest.
Data in transit: Agentio uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks.
Secret management: Application secrets are encrypted and stored securely via Google Cloud Platform Secret Manager.

‍

Product Security

Agentio requires vulnerability scanning at key stages of our Secure Development Lifecycle (SDLC).

‍

Enterprise Security

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.