Security At Riscosity

Trust and Security at Riscosity

Every product decision made at Riscosity starts with the security and privacy of your data in mind.

SOC 2 Type II Compliant

By being SOC 2 Type II compliant, we can assure our customers that we are committed to maintaining the highest standards of information security.

Riscosity is designed to protect your team from breaches and other threats, and we work with security, privacy, and engineering experts to make sure our product is secure at the code level.

We don’t store your data - so we can’t see it, use it, share it, or sell it.

checkmark icon

Data Security

We implement strong measures to protect customer data against unauthorized access, use, disclosure, alteration, destruction, and disruption. We address the entire CIA triad of Confidentiality, Integrity and Availability.

checkmark icon

Secure Development

We adopt a “shift left” mentality to embrace security right from the design phase and not as an afterthought after development. Code and design peer reviews, web application scans and 3rd party penetration testing are all part of our standard process.

checkmark icon

Security Awareness

We believe “humans are the last line of defense”, and keep ourselves updated on attacker tactics, techniques, and procedures. From general security awareness training for all employees to focused role-based training for our developers, we foster a “security first” culture.

checkmark icon

Risk Management

We are always working to reduce uncertainty in our operations. From threat modeling applications to performing annual risk assessments, we identify, evaluate and manage risks on a continuous basis.

checkmark icon

Access Control

We implement strict controls over who can access assets (authentication), and what they can do with the access (authorization). Every employee is provided with the minimum level of access that is required to do their job (principle of least privilege).

checkmark icon

Security Monitoring

We continuously monitor log activities for real-time response if required. Our platform’s core USP is observability, and we embrace that ethos in our internal operations.