Security at AlphaGeo
AlphaGeo recognizes importance of security when handling our clients’ data. That’s why we deploy over 100 enterprise-level controls with routine audits and testing to ensure its protection.
Security Overview
Infrastructure
Our infrastructure is hosted on AWS, which holds numerous security certifications including ISO 27001, SOC 1/2/3, PCI DSS, and FedRAMP.
Data
Data from AlphaGeo’s servers is encrypted in transit and at rest. We follow strict guidelines when it comes to handling potentially sensitive information, and transmit data from the user’s browser to our system using HTTPS.
Our data lake is hosted on Snowflake, which holds numerous security certifications including ISO 27001, SOC 2, PCI DSS, and FedRAMP.
Disaster Recovery
AlphaGeo maintains a Business Continuity Plan, which identifies processes, roles, and milestones for maintaining business continuity and restoring system functionality in the event of major disruption. The plan is reviewed and tested annually. Disaster recovery is included within the Business Continuity Plan.
ACCESS CONTROL
Production system access is encrypted to ensure communications with servers are secured. Devices accessing or connecting to the system are authenticated prior to access being granted.
Firewall rulesets are configured and in place to help prevent unauthorized access threats from outside the application and infrastructure environment.
Logical Access Policy and Procedures are in place which define the authorization, modification, removal of access, secure authentication requirements, and the principle of least privilege. The policy is reviewed annually. User access requests are documented and require approval prior to being provisioned.
Penetration Testing
AlphaGeo partners with reputable security firms to conduct routine penetration testing. We run daily vulnerability scans to ensure our systems are running safely and bug-free.
Incident Response
AlphaGeo classifies security incidents based on severity, impact, and urgency. Our Incident Response Policy applies to all employees, contractors, third-party vendors, and other individuals who have access to organizational systems, networks, and data. The incident response team will communicate with relevant stakeholders, including management, employees, customers, regulatory authorities, and law enforcement agencies, as required by law or organizational policies.
SECURITY
SOC 2
61 active controls
GDPR
80 active controls
CCPA
34 active controls
Certifications
SOC 2 security assurance audits
AlphaGeo produces Service Organization Control (SOC 2) reports based on independent audits of its cloud-based data processing system. We provide copies of this report to existing and prospective customers and their auditors, business partners; and only for the limited purposes of meeting compliance obligations and for evaluating controls relating to Security, Availability and Confidentiality Trust Principles. AlphaGeo does not permit or provide the report for any other purposes.
Formal security-related requests