Sprinto’s security practice

Built securely, for security

The security of your data is at the heart of Sprinto’s design. We dogfood our own product: we use Sprinto every day to continuously monitor our security and compliance posture.

Best-in-class security

We have best-in-class security, periodic audits, and continuous monitoring to ensure that your data is always secure. Sprinto uses Sprinto to stay SOC 2 compliant. Learn more about our security practices:

Encryption in transit

Communication between you and our servers is encrypted with 128-bit SSL/TLS encryption. We use industry-standard encryption for data traveling to and from the application servers.

Data Encryption

All sensitive data is encrypted at rest with AES. All user passwords are securely hashed; passwords are never stored in plain text.

Secure infrastructure

Sprinto’s computing infrastructure is provided by AWS, a secure cloud services platform. AWS’s physical infrastructure has been accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.

Vulnerability Scanning & Patching

We periodically check for and apply patches for third-party software and services. As and when vulnerabilities are discovered, we apply the fixes within pre-defined SLAs.

Application access

All data access to Sprinto is protected by a role-based access-control (RBAC) system, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.

Penetration Testing

We conduct periodic penetration tests to verify our security posture and uncover potential vulnerabilities, using the services of an independent, qualified third-party VAPT service.

Security Training

All Sprinto personnel are required to undergo security training specifically designed for a cloud-hosted setup. It covers industry best practices around typical human-based attack vectors involving phishing, passwords, attachments, etc.

Access Control

All access to our production infrastructure requires multi-factor authentication, and is restricted to authorized personnel only. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis.

Disclosure

We are committed to making our system secure. We have a responsible disclosure policy; if you find a security issue, please report it using the link above. We will make sure the issue is fixed and updated at the earliest opportunity.

Sprinto: Built with trust. Engineered for success.

Use Sprinto to centralize security compliance management – so nothing gets in the way of your moving up and winning big.