CEGsoft utilizes enterprise-grade best practices to protect our customers’ data, works with independent experts to verify its security, privacy, and compliance controls, and has achieved a SOC 2 Type 1 report against stringent standards.
SOC 2 System and Organization Controls
Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, SOC 2 (System and Organization Controls 2) is a set of standards for evaluating the security and controls of a service organization. It is designed to help organizations demonstrate that they have robust controls in place to protect the security, confidentiality, and availability of their customers' data.
SOC 2 compliance is achieved by undergoing an independent audit, during which a service organization's controls are evaluated against the SOC 2 standards. The audit includes a review of the organization's policies, procedures, and practices related to security, availability, processing integrity, confidentiality, and privacy.
We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.
Continuous Security Control Monitoring
CEGsoft uses Drata’s automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allow CEGsoft to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.
Employee Training
Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.
Penetration Tests
CEGsoft works with industry-leading security firms to perform annual network and application layer penetration tests.
Secure Software Development
CEGsoft utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.
Data Encryption
Data is encrypted both in transit using TLS and at rest.
Vulnerability Disclosure Program
If you believe you’ve discovered a bug in CEGsoft’s security, please get in touch at infosec@cegsoft.com. Our security team promptly investigates all reported issues.