SECURITY

Vigilant about privacy, standards and security


All Scopeworker data flow is automatically encrypted at physical and additional layers; for example, all VPC cross-region peering traffic, and customer or service-to-service TLS connections. We encrypt customer data in transit and at rest to ensure that only authorized users can access it, using keys managed by a Key Management System (KMS) or managing encryption keys with CloudHSM using FIPS 140-2 Level 3 validated HSMs.

Image

Certifications against global standards


Deloitte provides independent verification of Scopeworker's security, privacy, and compliance controls


AICPA SOC logo

Scopeworker is SOC 1 compliant


The  SOC 1 report documents internal controls that may be relevant to a customer’s financial reporting. This report is particularly useful for organizations that audit financial statements.

SSAE 18 / ISAE 3402 Type II
The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402).

AICPA SOC logo

Scopeworker is SOC 2 compliant


The SOC 2 Type II is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

SSAE 18 / ISAE 3402 Type II

The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402), both of which are used to generate a report by an objective third party attesting to a set of assertions made by an organization about its controls. 

STRATEGIC SECURITY

Secure, high performing and efficient infrastructure


Image

Prevent


We define user permissions and identities, infrastructure protection and data protection measures.

Image

Detect


We enable visibility into security posture with logging and monitoring. Information can be scaled for event management, testing and auditing.

Image

Respond


Incident response and recovery is automated so that the primary focus of security shifts from response to root cause analysis.

Image

Remediate


We leverage event driven automation to quickly remediate and secure the cloud environment in near real-time.