SOC 2 Certified
TrackTik undergoes a yearly audit against SOC 2 Type 2 security controls in order to provide best-in-class security for its platform.
International Security Management Certified
TrackTik was recently certified ISO 27001/IEC 27001:2013 for its current information security management system.
ISO 27001 Cloud Security Extension
Alongside the ISO 27001, TrackTik achieved a dedicated Cloud Security extension through the ISO 27017 standard.
General Data Protection Regulation
TrackTik is committed to staying compliant with the General Data Protection Regulation and its privacy requirements. A dedicated data processing agreement is available for more details.
California Consumer Privacy Act Compliance
On top of the U.S. Privacy Shield, TrackTik achieves California Consumer Privacy Act compliance and its data and privacy requirements.
International Association of Privacy Professionals
To stay ahead of any arising privacy issues, TrackTik is a member of the International Association of Privacy Professionals and benefits from its global privacy community.
Data Security
Being in the security business means it’s paramount for TrackTik to develop, implement, and maintain software security best practices. Various methods are deployed to secure your data at all times, including:
- Data hosted on Amazon Web Services (AWS) cloud servers and according to your region
- Encryption of all data at REST (SHA-256 ciphers) and in-transit (TLS v1.2+ protocols)
- Daily full back-ups kept for ten days and redundancy in the same AWS region
- Key management for encryption controlled through Amazon Key Management Service
Application Security
TrackTik follows the OWASP SAMM best practices and uses different processes to ensure security stays at the heart of our operations. Here are a few examples of what you should expect with the application:
- Extensive governance and incident management processes
- Least privilege principle for access management
- Possible single sign-on integration and/or strong password requirements for users
- External penetration tests conducted multiple times a year by experts
- Strong network perimeter security with best-in-class firewall and IDS
- Centralized logging, reporting, and analysis of logs to provide visibility, traceability and security insights
Secure Development Process
Secure development and continuous improvements are the essence of TrackTik’s development principles. Processes are in place throughout its SDLC to ensure compliance with current certifications and industry best practices:
- Check & Balance principles embedded in our processes
- Change requests are ticketed and peer-reviewed before commit
- Automatic testing and code scanning of all requests
- Dedicated environments for development, testing, and production
- Privacy and security evaluations performed on new modules and features
Corporate Security Standards
TrackTik also implements security controls to guarantee that its corporate standards and employees training are of the highest level. As an example, TrackTik currently has the following processes in place:
- Continuous employee training and education on security and privacy
- Specific developer training on security and OWASP top 10 security risks
- Supplier chain certification review on security
- Non-disclosure agreements and background checks for all employees and contractors