Security
Security Program and Risk Management
PartnerStack has established a comprehensive security program based on AICPA Trust Services Criteria (TSC) 2017 for security, confidentiality, availability, processing integrity, and privacy.
PartnerStack performs an annual risk assessment to gain an accurate and comprehensive identification, review, and remediation of risks and vulnerabilities that may impact the platform's commitment to security, confidentiality, availability, processing integrity, and privacy.
Compliance
The PartnerStack platform is SOC 2 Type 2 compliant against security, confidentiality, availability, processing integrity, and privacy.
For a copy of the SOC 2 Type 2 report, please submit a request to and inform your account manager.
Data encryption in-transit and at-rest
PartnerStack enforces TLS 1.2 and above for data in transit between its users and the platform.
PartnerStack production data is encrypted at rest using AES-256 encryption.
SAML 2.0 SSO
PartnerStack supports the industry-standard SAML 2.0 protocol for authentication using an external identity provider.
Confidentiality and Monitoring
PartnerStack enforces the principle of least privilege and restricts access to data on a need-to-know and need-to-operate basis.
PartnerStack has established extensive audit and monitoring controls to help ensure auditability of access functions performed internally and externally.
The PartnerStack platform enforces granular role-based access control for its users.
Network Protections
PartnerStack has implemented private networking, firewalls, and segmentation controls through its suppliers to ensure alignment with best practices on its network infrastructure.
Penetration Testing
PartnerStack performs targeted and general penetration testing on its platform on at least an annual basis.
Vulnerability Management
PartnerStack performs real-time static code analysis for core application code as part of the deployment process.
PartnerStack performs container vulnerability scanning as part of its deployment process.
PartnerStack has established a vulnerability management process that addresses risks within the following target SLAs:
Zero Day / Critical: 7 days
High: 30 days
Medium: 90 days
Low/Info: 180 days+ (dependent on overall risk assessment)
Supplier Risk Management
PartnerStack has implemented comprehensive supplier risk management policies and procedures to ensure protection of assets and data that are accessible by its suppliers and to establish standards for information security, privacy, and service delivery from its suppliers.
Human Resources Security
PartnerStack conducts background checks for all applicants selected for full-time employment.
PartnerStack employees and related entities are subject to continuous security awareness training with a minimum annual cadence.
Business Continuity and Availability
PartnerStack has documented and implemented a business continuity and disaster recovery plan that may be activated in case of defined disruptions.
PartnerStack enforces automated daily backups for its databases across multiple zones.
PartnerStack tests its business continuity and disaster recovery scenarios at least annually.
Reliability and Capacity Monitoring
PartnerStack has a comprehensive monitoring system that helps to ensure the reliability of the platform and its related components.
Bug Bounty and Vulnerability Reports
PartnerStack does not currently have a formal bug bounty program, but we encourage all researchers to submit identified vulnerabilities with a summary and a proof of concept (POC) to security@partnerstack.com, and our team will respond as soon as possible.




