SOC2 Certified

SOC 2 Certified

TrackTik undergoes a yearly audit against SOC 2 Type 2 security controls in order to provide best-in-class security for its platform.

 

ISO 27001

International Security Management Certified

TrackTik was recently certified ISO 27001/IEC 27001:2013 for its current information security management system.

 

ISO 27017

ISO 27001 Cloud Security Extension

Alongside the ISO 27001, TrackTik achieved a dedicated Cloud Security extension through the ISO 27017 standard.

 

GDRP EU

General Data Protection Regulation

TrackTik is committed to staying compliant with the General Data Protection Regulation and its privacy requirements. A dedicated data processing agreement is available for more details.

CCPA Compliance

California Consumer Privacy Act Compliance

On top of the U.S. Privacy Shield, TrackTik achieves California Consumer Privacy Act compliance and its data and privacy requirements.

 

iapp

International Association of Privacy Professionals

To stay ahead of any arising privacy issues, TrackTik is a member of the International Association of Privacy Professionals and benefits from its global privacy community.

Data Security

Being in the security business means it’s paramount for TrackTik to develop, implement, and maintain software security best practices. Various methods are deployed to secure your data at all times, including:

  • Data hosted on Amazon Web Services (AWS) cloud servers and according to your region
  • Encryption of all data at REST (SHA-256 ciphers) and in-transit (TLS v1.2+ protocols)
  • Daily full back-ups kept for ten days and redundancy in the same AWS region
  • Key management for encryption controlled through Amazon Key Management Service
TrackTik Achieves Best-in-Class Information Security Certification with ISO-27001 Security and ISO-27017 Cloud Security
Insights & Analytics

Application Security

TrackTik follows the OWASP SAMM best practices and uses different processes to ensure security stays at the heart of our operations. Here are a few examples of what you should expect with the application:

  • Extensive governance and incident management processes
  • Least privilege principle for access management
  • Possible single sign-on integration and/or strong password requirements for users
  • External penetration tests conducted multiple times a year by experts
  • Strong network perimeter security with best-in-class firewall and IDS
  • Centralized logging, reporting, and analysis of logs to provide visibility, traceability and security insights

Secure Development Process

Secure development and continuous improvements are the essence of TrackTik’s development principles. Processes are in place throughout its SDLC to ensure compliance with current certifications and industry best practices:

  • Check & Balance principles embedded in our processes
  • Change requests are ticketed and peer-reviewed before commit
  • Automatic testing and code scanning of all requests
  • Dedicated environments for development, testing, and production
  • Privacy and security evaluations performed on new modules and features
Internal Security Departments: the Importance of Collecting Data
Mobile Services

Corporate Security Standards

TrackTik also implements security controls to guarantee that its corporate standards and employees training are of the highest level. As an example, TrackTik currently has the following processes in place:

  • Continuous employee training and education on security and privacy
  • Specific developer training on security and OWASP top 10 security risks
  • Supplier chain certification review on security
  • Non-disclosure agreements and background checks for all employees and contractors

We take security seriously. Learn how TrackTik can meet your security concerns today.

Request a Demo