Trust and Security Portal

Overview:

Welcome to the ComplianceAide Trust Portal for our API and services. This portal is your single destination for information on our commitment to data protection, privacy, and regulatory compliance. Here you will find our compliance documentation, answers to commonly asked questions about security and privacy, and a detailed look at our security measures. Our aim is to be transparent and build a trustworthy relationship with our clients, giving you the assurance and information you need to be confident in our ability to safeguard your data.

ComplianceAide does not store any data, prioritizing user privacy and data security by design.

AI

Prompt(s) and completions (output), your embeddings and your training data:

· are NOT available to other customers.

· are NOT available to OpenAI.

· are NOT used to improve OpenAI models.

· are NOT used to improve any Microsoft or third-party products or services.

· are NOT used to automatically improve Azure OpenAI models for your use in your resource (the models are stateless unless you explicitly fine-tune them with your training data).

Security Frameworks we follow

· Cyber Essentials

· NIST CSF

Risk Profile

· Third-Party Dependence = Yes

· Hosting = Major Cloud Providers: Azure

Data Security

· Backups enabled

We conduct backups on a regular basis so that data can be restored in the event of an incident that causes data loss.

· Data deletion

We do not save, store or retain user responses, policies, plans, POEMS, assessments or evidence beyond a 7-day period.

· Encryption-in-transit

All customer data is encrypted in transit using TLS 1.2.

· Physical Security

Physical security of our infrastructure is managed by Azure. For more information, please see this overview: https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security

Access Control

· Data access

Access to internal systems is granted based on the principle of least privilege and is reviewed on a regular basis.

· Logging

All important security events in our environment are monitored.

· Credential Security

We have a strong internal password policy, including a requirement for MFA on accounts that do not support SSO. Passwords are stored in a company-managed password manager.

Infrastructure

· 24/7 Status Monitoring

· Windows 365

Our endpoints are Windows 365 Enterprise VDIs hosted in Azure in multiple regions throughout North America.

· Azure

Our infrastructure is hosted in Azure in multiple regions throughout North America.

· Infrastructure Security

We use infrastructure-as-code techniques to deploy resources in our environment securely.

· Separate Production Environment

Customer data is not used in non-production environments.

Endpoint Security

· Disk Encryption

Full-disk encryption is used to protect employee endpoints and our cloud infrastructure.

· Endpoint Detection & Response

All employee endpoints are protected with an advanced EDR solution.

· Mobile Device Management

All employee endpoints are centrally managed and secured using an MDM solution.

Network Security

· Firewall

We use both firewalls and Cilium Network Policies (network policy enforcement for Kubernetes) to monitor and control traffic in our infrastructure.

· IDS

Network activity is centrally logged, and custom detection logic has been defined to identify attackers and other anomalous behavior and generate alerts for further investigation.