You’re Secure With Us
Scoutible has established Information Security Plans, Policies, Standards, and Procedures within the Scoutible Information Security Management System. Scoutible’s ISMS was designed under the rigorous ISO-27001 standards to protect the confidentiality, integrity and availability of information assets under Scoutible‘s control.
Scoutible has strict policies in place that are designed to safeguard assets with sensitive information, including customer data, by properly limiting access to authorized users and providing a reliable audit trail of system events and activity in order to identify unauthorized access or activities.
All access to the Scoutible information assets must be controlled to ensure only authorized users or groups of users are granted rights. The authorization methodology of granting these access rights must adhere to the least privilege principle. Scoutible will log, coordinate, and monitor system activities and events throughout the Scoutible platform and dependent systems.
All Scoutible personnel must pass a background check prior to employment, adhere to all Information Security Policies, and undergo Information Security Awareness training no less than annually.
Scoutible has a robust Vendor Management policy in place to ensure protection of Scoutible Information Security Management System assets and data that are accessible by vendors, and to establish standards for information security and service delivery from vendors.
Scoutible shall ensure that third party service providers implement and effectively operate appropriate controls to protect the privacy and security of Scoutible ISMS systems and data.
For Data Center Vendors, a current ISO 27001 certification or SOC 2 Type II audit report shall be provided and reviewed against Scoutible’s strict Data Center Security standards.
Scoutible relies on Google Cloud Platform as a data center and has reviewed the 2018 SOC2 Type 2 Audit Report. Scoutible has deemed that the Google Cloud Platform meets or exceeds Scoutible’s strict Data Center Security standards for the latest period audited as reflected in this report.
Data Protection & Management
Scoutible has strict policies in place that require all sensitive customer data to be encrypted in-transit and at-rest.
Scoutible ensures that connections remain secure using the latest and greatest secure cipher suites and protocols to encrypt all connections related to sensitive customer information.
Scoutible relies on the Google Cloud Platform to ensure sensitive customer data is encrypted at-rest while adhering to Scoutible’s strict Data Center Security standards. The GCP SOC2 Type 2 is reviewed no less than annually.
Data Retention and Data Disposal policies have been implemented by Scoutible and are designed to meet the individual needs of customers.
Firewalls have been configured according to best practices within Google Cloud Platform. Firewall rules are reviewed no less than annually by the Scoutible Information Security team.
Logging and monitoring tools have been implemented to ensure that Scoutible stays apprised of any security events as well as ensure relevant metrics are incorporated in Capacity Planning exercises.
Business Continuity and Disaster Recovery Plans and Testing procedures have been implemented and are perpetually being developed by the Scoutible Information Security team. Risk Assessments are performed regularly, backups are stored nightly, and pertinent metrics are monitored to ensure that the Scoutible Platform remains available to its users.
An Incident Management program has been developed and implemented by the Scoutible Information Security team to ensure users issues are documented and remediated timely.
Any questions or concerns related to this Information Security Overview or an Information Security incident may be directed to firstname.lastname@example.org.