Security and Trust at SwiftComply
At SwiftComply, we place the highest importance on data security. We are proud to have earned SOC 2 Type II certification and have undergone rigorous security processes to ensure the utmost protection of your data. When you move to SwiftComply, we offer personalized support to ensure a seamless experience. And if you ever have any questions about our security, we’re always here to chat and put your mind at ease.
Security controls
Our products are designed with multiple layers of technical and operational controls to ensure your data is always protected. We have implemented a comprehensive information security management system that includes policies and procedures related to network security, data security, access control, incident response, backups, change management, risk management, vulnerability and patch management, and vendor risk management. You can trust SwiftComply to keep your data safe and secure.
We’re SOC 2 Type 2 Security Compliance Certified
Since October 2021, we have held SOC 2 Type 2 certification for our third generation of software, one of the highest accolades for SaaS companies in cybersecurity. This certification assures you that our strict security and data privacy controls are in place to protect your data and earn your trust.
Security Overview
Risk Management
We use ISO 31000 to identify assets, assess threats and vulnerabilities, and implement controls to safeguard your data. Our proactive risk management approach ensures the security of our platform.
Information Security
We prioritize data security with comprehensive policies for storage, transmission, usage, and monitoring. We enhance our platform security by adopting Google Cloud Platform's policies.
Operational Security
We limit access to the production network and superuser functions. We use GCP for logging, monitoring, and intrusion detection. Critical data is backed up daily and stored for 7 days using PostgreSQL. All changes undergo automated testing before deployment.
Access Control
We prioritize data protection with strict access control policies. Network access is limited to personnel who maintain stability. We follow NIST SP 800-53 guidelines for effective security management.
Incident Management
Our incident response processes detect, triage, respond, and recover from incidents to safeguard data and maintain platform security. We continuously improve our capabilities to respond effectively in the future.
Business Continuity
Our Business Continuity Plan prepares and protects you from disasters. It includes emergency response policies for safeguarding personnel and assets. Our leadership team reviews the BCP annually to address any weaknesses.
Access our security documents
Get in touch to request SwiftComply's detailed security documents.
Our Security Commitment to You
Comprehensive Protection
We prioritize the security of your data with comprehensive policies for storage, transmission, and usage.
Proactive Risk Management
We take a proactive approach to risk management to safeguard your data and ensure platform security.
Robust Incident Response
We have established incident response processes to effectively detect, analyze, respond to, and recover from incidents.
Frequently Asked Questions
You retain complete ownership rights over your data. Rest assured, we will only utilize your data to provide the services outlined in your service agreement.
We store and process all data on the secure Google Cloud Platform (GCP). GCP ensures reliable and robust infrastructure, offering a trustworthy environment for your data.
Our daily database backups are retained for a period of seven days. The management of these backups is handled by the Google Cloud Platform.
We provide a self-serve platform that grants your application admin complete control over deleting or archiving customer data. Additionally, our support team is available to assist with any specific requests you may have.
Yes. During transit, your data is encrypted using HTTP over TLS, which ensures a secure connection. When at rest, your data is protected by GCP encryption keys. GCP services tightly control the physical security of our infrastructure.
Absolutely! Our team conducts regular security tests, including vulnerability audits and penetration tests. We leverage third-party tools like OWASP ZAP to perform comprehensive security assessments. These tests are carried out weekly to ensure the ongoing strength of our security measures.
Yes, we have a well-defined incident response program in place. This program establishes clear processes for effectively managing information security incidents and events. Rest assured, our team is prepared to handle any security incidents promptly and efficiently.