Trust Center


Overview

SafeBreach maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.

SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.

Compliance

CCPA
CSA STAR
GDPR
HIPAA
HITRUST
ISO 27001
ISO 27001 SoA
ISO 27017
ISO 27018
SOC 2
FedRAMP Moderate
FISMA Moderate

SafeBreach is reviewed and trusted by

SafeBreach
ServiceNow
Pepsi
Regeneron
PayPal
Experian
Deloitte
ISO 27001
Information Security Policy
Pentest Report
Security Whitepaper
SOC 2 Report
SOC 2
CAIQ
Audit Logging
BC/DR
Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Data Sanitization Policy
Encryption Policy
General Incident Response Policy
Other Policies
Password Policy
Physical Security
Risk Management Policy
Software Development Lifecycle
Vulnerability Management Policy

Risk Profile

Data Access Level: Internal
Impact Level: Moderate
Recovery Time Objective: 12 hours

Product Security

Audit Logging
Data Security
Integrations

Reports

Network Diagram
Pentest Report
Security Prospectus

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Code Analysis
Credential Management
SBOM

Access Control

Data Access
Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
BC/DR

Endpoint Security

Disk Encryption
Mobile Device Management
Threat Detection

Network Security

Data Loss Prevention
DNSSEC
Firewall

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy

Security Grades

SecurityScorecard
SafeBreach: A
Qualys SSL Labs
www.safebreach.com: A+
demo.safebreach.com: A+
Security Headers
Corporate Website: A
Demo Customer Console: A

Trust Center Updates

SafeBreach response to XZ backdoor (CVE-2024-3094)

Vulnerabilities

Hi all,

SafeBreach is tracking the newly released information about the XZ backdoor. We have searched through the SBOM of our images and associated dependencies. We can confirm that we are not using any vulnerable version of the impacted library (5.6.0 and 5.6.1) or any package with an inherited dependency on said libraries.

As always, your security is our paramount concern. We will keep an eye on any further developments on this issue.

Avishai Avivi CISO | SafeBreach


2023 ISO 27001:2013 certificate available

Compliance

We are pleased to announce that we have received our ISO 27001:2013 certificate from The Standards Institution of Israel. Customers with NDA can access and download a copy of the certificate from this portal.


SafeBreach response to the evolving situation in Israel

General

To our customers and partners,

In light of the recent events in Israel, we have formally activated our Disaster Recovery plan and are closely monitoring the situation. This plan, available for download here, ensures no disruption to our services. As you may know, our main engineering group is located in Israel, and we have been in constant contact with all team members to ensure their safety and well-being.

As always, your security continues to be our top priority, and I believe it is important to provide clarity and reassurance on a few key points:

  • SafeBreach HQ is located in the US and continues to operate normally.
  • Services and support for customers and partners are carried out primarily by resources located in the US.
  • SafeBreach has no dependency on any one region in the world to continue providing these services and support.
  • Our Israel site continues to operate normally, albeit at a heightened alert level.
  • We expect to remain on schedule with all planned content and product updates.

Our hearts and minds are with our Israeli team members, and we are doing all we can to help them through this difficult time.

Please do not hesitate to contact me directly if you have any questions.

Avishai Avivi CISO | SafeBreach


2023 SOC 2 Type II report now available

Compliance

We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.


SafeBreach response to HTTP/2 weaknesses

Vulnerabilities

SafeBreach is aware of the HTTP/2 weaknesses currently being exploited by malicious actors to enable DDoS attacks. We have taken all precautions to limit the potential attack surface of such attacks in each of our public-facing assets. Customers still concerned about this weakness potentially impacting them can also request to limit the IP ranges allowed to connect to their Management Consoles. This step will effectively render the risk of a volumetric DDoS attack against their consoles moot.

If you have any further questions or concerns, please feel free to contact us via security@safebreach.com or through your account manager.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach


Security Whitepaper 2.0 has been uploaded

General

Hi all,

We have uploaded an updated version of our Security Whitepaper to the trust center. It does not require an active NDA to download.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach


Supply Chain Risk Management Policy

General

Hi all. Software supply chain vulnerabilities have been becoming more prominent. SafeBreach has formalized a policy for managing this risk. This policy covers upstream supply risk (vendors) and downstream supply risk (customers). This policy document is available under the Other Policies subsection of the Policies card.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach


OpenSSL Vulnerability - No Impact to SafeBreach

Incidents

Hi all,

As you may be aware, the OpenSSL Project is announcing a critical vulnerability in OpenSSL 3.0 and above. We took steps to review our SBOM and are not using the affected libraries in our environment. All SafeBreach platforms are running OpenSSL 1.1.1. We will be monitoring the OpenSSL Project announcement to see if we need to apply any patches to our current environment.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach


SOC 2 Type II report now available

Compliance

We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.


Initial Security Portal complete

General

The SafeBase security portal has been updated.


If you think you may have discovered a vulnerability, please send us a note.
