Trust Center

Overview

SafeBreach maintains an Information Security Program to ensure all computer and data communication systems' confidentiality, integrity, and availability while meeting the necessary legislative, industry, and contractual requirements.

SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.

Compliance

CCPA

CSA STAR

GDPR

HIPAA

HITRUST

ISO 27001

ISO 27001 SoA

ISO 27017

ISO 27018

SOC 2

FedRAMP Moderate

FISMA Moderate

SafeBreach is reviewed and trusted by

SafeBreach

ServiceNow

Pepsi

Regeneron

PayPal

Experian

Deloitte

Documents

All

Public

Private

ISO 27001

Information Security Policy

Pentest Report

SOC 2 Report

SOC 2

CAIQ

Acceptable Use Policy

Access Control Policy

Anti-Malicious Software Policy

Asset Management Policy

Backup Policy

Business Continuity Policy

BYOD Policy

Data Classification Policy

Encryption Policy

General Incident Response Policy

Other Policies

Password Policy

Risk Management Policy

Software Development Lifecycle

Vulnerability Management Policy

BC/DR

Risk Profile

Data Access LevelInternal

Impact LevelModerate

Recovery Time Objective12 hours

Product Security

Audit Logging

Data Security

Integrations

Reports

Network Diagram

Pentest Report

Security Prospectus

Self-Assessments

CAIQ

Data Security

Access Monitoring

Backups Enabled

Data Erasure

App Security

Code Analysis

Credential Management

SBOM

Legal

Cyber Insurance

Data Processing Agreement

Master Services Agreement

Access Control

Data Access

Logging

Password Security

Infrastructure

Amazon Web Services

Anti-DDoS

BC/DR

Endpoint Security

Disk Encryption

Mobile Device Management

Threat Detection

Network Security

Data Loss Prevention

DNSSEC

Firewall

Corporate Security

Asset Management Practices

Email Protection

Employee Training

Policies

Acceptable Use Policy

Access Control Policy

Anti-Malicious Software Policy

Security Grades

SecurityScorecard

SafeBreach

Qualys SSL Labs

www.safebreach.com

A+

demo.safebreach.com

A+

Security Headers

Corporate Website

Demo Customer Console

Trust Center Updates

Supply Chain Risk Management Policy

GeneralCopy link

Hi all. Software supply chain vulnerabilities have been becoming more prominent. SafeBreach has formalized a policy for managing this risk. This policy covers upstream supply risk (vendors) and downstream supply risk (customers). This policy document is available under the Other Policies subsection of the Policies card.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach

Published at N/A

OpenSSL Vulnerability - No Impact to SafeBreach

IncidentsCopy link

Hi all, As you may be aware, the OpenSSL Project is announcing a critical vulnerability in OpenSSL 3,0 and above. We took steps to review our SBOM and are not using the affected libraries in our environment. All SafeBreach platforms are running OpenSSL 1.1.1. We will be monitoring the OpenSSL Project announcement to see if we need to apply any patches to our current environment.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach

Published at N/A

SOC 2 Type II report now available

ComplianceCopy link

We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.

Published at N/A

Initial Security Portal complete

GeneralCopy link

The SafeBase security portal has been updated.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue