Security Policy
March 13, 2025
At GRC Safe, we are committed to ensuring the security, confidentiality, and integrity of our customers' data. Our security practices are designed to protect sensitive information and maintain compliance with industry standards.
1. Security Infrastructure
- GRC Safe is hosted on Heroku and relies on its platform security controls, including network isolation, encryption, and access controls.
- Customer data is stored in Amazon Web Services (AWS). AWS maintains SOC 2 reports and ISO 27001 certification, is assessed against PCI DSS, and supports HIPAA-eligible workloads. These attestations cover the underlying infrastructure; under the AWS shared responsibility model, secure configuration of the services built on it remains GRC Safe's responsibility.
- All data is encrypted at rest and in transit using industry-standard protocols (see Section 4 for details).
2. Compliance & Certifications
- GRC Safe is actively pursuing SOC 2 Type II and ISO 27001 certifications.
- Until certification is completed, we align our controls with the SOC 2 Trust Services Criteria and the ISO 27001 control set and implement best practices to maintain audit readiness.
3. Access Control & Authentication
- Access to systems and data is granted on a least-privilege basis.
- Multi-factor authentication (MFA) is enforced for administrative access.
- Role-based access control (RBAC) limits each user to the permissions their role requires, preventing unauthorized access.
4. Data Protection & Encryption
- Data is encrypted at rest using AES-256 and in transit using TLS 1.2 or later.
- Sensitive data is never stored in plaintext and is processed only in controlled environments.
- AWS-managed security services are used for threat protection: AWS Shield for DDoS mitigation and AWS WAF for filtering malicious web requests.
5. Security Monitoring & Incident Response
- We implement continuous monitoring to detect and respond to security threats in real time.
- Security logs are collected and analyzed to identify anomalies and suspicious activity.
- A formal Incident Response Plan is in place to ensure timely investigation and resolution of security incidents.
6. Vendor & Third-Party Security
- We conduct security assessments of third-party vendors to ensure they meet our security requirements.
- AWS and Heroku, our primary service providers, maintain independently audited security and compliance certifications.
7. Security Awareness & Training
- Employees undergo regular security awareness training to stay informed on evolving threats.
- Internal security policies are regularly reviewed and updated to align with best practices.
8. Contact & Reporting Security Concerns
To report a vulnerability or raise any other security concern, please contact our security team at:
GRC Safe Security Team
Email: admin@grcsafe.com
General questions about this policy may be sent to the same address.