Trust and security
We launched AuditBoard to enable organizations to responsibly mitigate and monetize risk at scale – security, privacy, and transparency are in our DNA. Our team trusts the AuditBoard platform to manage and monitor our own business risks and processes every day. You can count on us to keep your organization and its data safe, as if it were our own.

In compliance with:

AuditBoard’s shared responsibility model
Security, privacy, and compliance are a shared responsibility between our customers and us. Here’s how AuditBoard’s infrastructure, systems, and security operations ensure platform security and availability, and the steps you can take to secure user-uploaded data inside AuditBoard.
AuditBoard’s role in securing the platform
Application software security
- Continuously updated
Product upgrades that contain new security enhancements as well as the latest software updates are automatically applied.
- Extensively tested
All product updates undergo strict quality and security assurance testing before release.
- Third-party verified
Platform security is regularly assessed by third-party penetration testers, security assessors, and vulnerability disclosure program participants.
Secure cloud hosting
- Browser-based web application
All functionality is accessible from any modern web browser.
- Native security controls
AuditBoard is hosted on AWS, which meets FedRAMP moderate impact requirements and is the gold standard for thousands of companies worldwide who rely on extensive and integrated native security controls.
- Redundancy & guaranteed uptime
Servers are replicated and load-balanced across data centers and regions.
- Physical security
AWS data centers use biometric entry authentication and 24/7 monitoring.
Data protection
- Transport encryption
Strong end-to-end TLS 1.2 / 1.3 encryption protects data wherever it is transferred.
- Storage encryption
All files, databases, and backups are encrypted with 256-bit AES before being written to permanent disk storage.
- Encryption key management
Native key management solution (AWS KMS) protects customer data by generating, storing, using, and rotating encryption keys.
- Data integrity
Data is protected from loss, manipulation, and corruption with cryptographic hashing controls that enforce versioning and provide secure transactional capabilities.
- Real-time backups
Continuous, real-time backups allow for data recovery at 1-second granularity. All data and files in AuditBoard can be exported in common formats such as CSV or JSON.
- Daily backups
Encrypted, full database backups are made daily and stored in encrypted, redundant, and versioned S3 storage.
- Secure deletion
NIST-compliant data sanitization procedures securely delete data at the end of its useful life.
Infrastructure security
- Configuration management
All network and systems infrastructure is configured to conform with industry standards such as the CIS Benchmarks for AWS and Kubernetes.
- Immutable infrastructure
All production infrastructure is deployed by automation to prevent staff interaction with production systems.
- Single-tenant architecture
Dedicated application instances, databases, and storage resources are deployed for each customer and use unique Kubernetes namespaces and IAM identities to provide segmentation at the process, network, and filesystem levels.
- Real-time monitoring
All platform components are closely monitored to ensure performance, availability, and security.

Vulnerability disclosure program
AuditBoard is committed to protecting customer data and continuously improving our security posture. If you believe you have discovered a vulnerability, privacy issue, data exposure, or any other security concern, we’ll work together to investigate your report, keep you informed during the remediation process, and protect your research under Safe Harbor.