Overview
SafeBreach maintains an Information Security Program to ensure all computer and data communication systems' confidentiality, integrity, and availability while meeting the necessary legislative, industry, and contractual requirements.
SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.
Compliance



Documents
Risk Profile
Product Security
Reports
Self-Assessments
Data Security
App Security
Legal
Access Control
Infrastructure
Endpoint Security
Network Security
Corporate Security
Policies
Security Grades

Trust Center Updates
To our customers and partners, In light of the recent events in Israel, we have formally activated our Disaster Recovery plan and are closely monitoring the situation. This plan, available for download here, ensures no disruption to our services. As you may know, our main engineering group is located in Israel, and we have been in constant contact with all team members to ensure their safety and well-being.
As always, your security continues to be our top priority, and I believe it is important to provide clarity and reassurance on a few key points:
- SafeBreach HQ is located in the US and continues to operate normally.
- Services and support for customers and partners are carried out primarily by resources located in the US.
- SafeBreach has no dependency on any one region in the world to continue providing these services and support.
- Our Israel site continues to operate normally, albeit at a heightened alert level.
- We expect to remain on schedule with all planned content and product updates.
Our hearts and minds are with our Israeli team members, and we are doing all we can to help them through this difficult time.
Please do not hesitate to contact me directly if you have any questions.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.
SafeBreach is aware of the HTTP/2 weaknesses currently being exploited by malicious actors to enable DDoS attacks. We have taken all precautions to limit the potential attack surface of such attacks in each of our public-facing assets. Customers still concerned about this weakness potentially impacting them can also request to limit the IP ranges allowed to connect to their Management Consoles. This step will effectively render the risk of a volumetric DDoS attack against their consoles moot.
If you have any further questions or concerns, please feel free to contact us via security@safebreach.com or through your account manager.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
Hi all, We have uploaded an updated version of our Security Whitepaper to the trust center. It does not require an active NDA to download.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
Hi all. Software supply chain vulnerabilities have been becoming more prominent. SafeBreach has formalized a policy for managing this risk. This policy covers upstream supply risk (vendors) and downstream supply risk (customers). This policy document is available under the Other Policies subsection of the Policies card.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
Hi all, As you may be aware, the OpenSSL Project is announcing a critical vulnerability in OpenSSL 3,0 and above. We took steps to review our SBOM and are not using the affected libraries in our environment. All SafeBreach platforms are running OpenSSL 1.1.1. We will be monitoring the OpenSSL Project announcement to see if we need to apply any patches to our current environment.
Your security is our top priority.
Avishai Avivi CISO | SafeBreach
We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.
The SafeBase security portal has been updated.
If you think you may have discovered a vulnerability, please send us a note.