Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

SafeBreach maintains an Information Security Program to ensure all computer and data communication systems' confidentiality, integrity, and availability while meeting the necessary legislative, industry, and contractual requirements.

SafeBreach policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 and the American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2. In addition, we use an independent third-party body to periodically audit our compliance with leading industry standards.

Start your security review
View & download sensitive information
Ask for information
SafeBreach-company-logoSafeBreach
ServiceNow-company-logoServiceNow
Pepsi-company-logoPepsi
Regeneron-company-logoRegeneron
PayPal-company-logoPayPal
Experian-company-logoExperian
Deloitte-company-logoDeloitte
ISO 27001

Trust Center Updates

SafeBreach response to XZ backdoor (CVE 2024-3094)

VulnerabilitiesCopy link

Hi all,

SafeBreach is tracking the newly released information about the XZ backdoor. We have searched through the SBOM of our images and associated dependencies. We can confirm that we are not using any vulnerable version of the impacted library (5.6.0 and 5.6.1) or any package with an inherited dependency on said libraries.

As always, your security is our paramount concern. We will keep an eye on any further developments on this issue,

Avishai Avivi CISO | SafeBreach

Published at N/A

2023 ISO 27001:2013 certificate available

ComplianceCopy link

We are pleased to announce that we have received our ISO 27001:2013 certificate from The Standards Institution of Israel. Customers with NDA can access and download a copy of the certificate from this portal.

Published at N/A

SafeBreach response to the evolving situation in Israel

GeneralCopy link

To our customers and partners, In light of the recent events in Israel, we have formally activated our Disaster Recovery plan and are closely monitoring the situation. This plan, available for download here, ensures no disruption to our services. As you may know, our main engineering group is located in Israel, and we have been in constant contact with all team members to ensure their safety and well-being.

As always, your security continues to be our top priority, and I believe it is important to provide clarity and reassurance on a few key points:

  • SafeBreach HQ is located in the US and continues to operate normally.
  • Services and support for customers and partners are carried out primarily by resources located in the US.
  • SafeBreach has no dependency on any one region in the world to continue providing these services and support.
  • Our Israel site continues to operate normally, albeit at a heightened alert level.
  • We expect to remain on schedule with all planned content and product updates.

Our hearts and minds are with our Israeli team members, and we are doing all we can to help them through this difficult time.

Please do not hesitate to contact me directly if you have any questions.

Avishai Avivi CISO | SafeBreach

Published at N/A

2023 SOC 2 Type II report now available

ComplianceCopy link

We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.

Published at N/A

SafeBreach response to HTTP/2 weaknesses

VulnerabilitiesCopy link

SafeBreach is aware of the HTTP/2 weaknesses currently being exploited by malicious actors to enable DDoS attacks. We have taken all precautions to limit the potential attack surface of such attacks in each of our public-facing assets. Customers still concerned about this weakness potentially impacting them can also request to limit the IP ranges allowed to connect to their Management Consoles. This step will effectively render the risk of a volumetric DDoS attack against their consoles moot.

If you have any further questions or concerns, please feel free to contact us via security@safebreach.com or through your account manager.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach

Published at N/A

Security Whitepaper 2.0 has been uploaded

GeneralCopy link

Hi all, We have uploaded an updated version of our Security Whitepaper to the trust center. It does not require an active NDA to download.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach

Published at N/A

Supply Chain Risk Management Policy

GeneralCopy link

Hi all. Software supply chain vulnerabilities have been becoming more prominent. SafeBreach has formalized a policy for managing this risk. This policy covers upstream supply risk (vendors) and downstream supply risk (customers). This policy document is available under the Other Policies subsection of the Policies card.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach

Published at N/A

OpenSSL Vulnerability - No Impact to SafeBreach

IncidentsCopy link

Hi all, As you may be aware, the OpenSSL Project is announcing a critical vulnerability in OpenSSL 3,0 and above. We took steps to review our SBOM and are not using the affected libraries in our environment. All SafeBreach platforms are running OpenSSL 1.1.1. We will be monitoring the OpenSSL Project announcement to see if we need to apply any patches to our current environment.

Your security is our top priority.

Avishai Avivi CISO | SafeBreach

Published at N/A

SOC 2 Type II report now available

ComplianceCopy link

We are pleased to announce that we have received our SOC 2 Type II report from EY. Customers with NDA can access and download a copy of the report from this portal.

Published at N/A

Initial Security Portal complete

GeneralCopy link

The SafeBase security portal has been updated.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo