Trust and security

We enforce modern authentication standards including Single Sign-On (SSO) and phishing-resistant Multi-Factor Authentication (MFA) for all employee access to internal systems.

Our production environment runs as immutable infrastructure and is strictly managed through infrastructure-as-code with automated security checks throughout our CI/CD pipeline.

We continuously monitor our cloud environments to identify, prioritize, and fix vulnerabilities while enforcing preventative controls to detect and respond to potential threats.

We ensure security and integrity throughout our SDLC with automated secret scanning, security testing, container image vulnerability scanning, and mandatory peer review for code changes.

Our security awareness programs include regular training on information security and data privacy, guidance on emerging threats, and team-specific guidelines for secure practices.

We employ a Security Information Event Management system that ingests security telemetry from all environments with a global team ready to quickly triage, investigate, and remediate events.

Our workstations run endpoint detection and response software providing malware prevention, detection, and containment capabilities alongside Data Loss Prevention tools.

Our risk management process is integrated with business and technical functions across the company, helping us identify opportunities to improve security and privacy, and to mitigate threats.

We ensure the security and reliability of supplier products and services to maintain the integrity of our offerings and protect customer data through comprehensive assessments.

We're actively working toward industry compliance certifications including SOC 2 and ISO 27001 to demonstrate our commitment to security, availability, processing integrity, and confidentiality.

We use cloud-native key solutions for secure key storage and management with automated controls ensuring that keys are not stored or transferred via insecure methods.