Trust and Security at Riscosity
Every product decision made at Riscosity starts with the security and privacy of your data in mind.
SOC 2 Type II Compliant
By being SOC 2 Type II compliant, we can assure our customers that we are committed to maintaining the highest standards of information security.
Riscosity is designed to protect your team from breaches and other threats, and we work with security, privacy, and engineering experts to make sure our product is secure at the code level.
We don’t store your data - so we can’t see it, use it, share it, or sell it.
Data Security
We implement strong measures to protect customer data against unauthorized access, use, disclosure, alteration, destruction, and disruption. We address the entire CIA triad of Confidentiality, Integrity and Availability.
Secure Development
We adopt a “shift left” mentality to embrace security right from the design phase and not as an afterthought after development. Code and design peer reviews, web application scans and 3rd party penetration testing are all part of our standard process.
Security Awareness
We believe “humans are the last line of defense”, and keep ourselves updated on attacker tactics, techniques, and procedures. From general security awareness training for all employees to focused role-based training for our developers, we foster a “security first” culture.
Risk Management
We are always working to reduce uncertainty in our operations. From threat modeling applications to performing annual risk assessments, we identify, evaluate and manage risks on a continuous basis.
Access Control
We implement strict controls over who can access assets (authentication), and what they can do with the access (authorization). Every employee is provided with the minimum level of access that is required to do their job (principle of least privilege).
Security Monitoring
We continuously monitor log activities for real-time response if required. Our platform’s core USP is observability, and we embrace that ethos in our internal operations.