Compliance & Security

We follow a documented and systematic approach to manage our business with the highest level of compliance and security in mind. This page addresses our commitment to Compliance & Security Governance, Platform & Infrastructure Security, and Platform Availability.

Compliance & Security Governance

Policies & Procedures

We have documented and codified numerous policies and procedures addressing cyber & information security, fraud prevention and detection, software lifecycle management, code of conduct, vendor management, and internal controls.

Governance

Our Information Security Committee meets regularly to review and improve our compliance program, and provides regular updates to our board of directors.

Change Management

We follow a documented and systematic approach to request, document, implement, and provide permissions of least privilege for changes to our systems.

Platform & Infrastructure Security

Team Members

We conduct pre-employment background checks on all team members, and they must complete cybersecurity & phishing awareness training annually.

External Auditing

We employ third parties to perform routine scans and testing on our systems, including continuous vulnerability scanning and annual penetration testing, to ensure their security.

Authentication & Authorization

We employ a strict role-based access control (RBAC) model across all of our internal and external systems to only give permission of least privilege based on the team member’s role. All team member access is reviewed and updated regularly. We enforce multi-factor authentication (MFA) when available.

Data Encryption

We encrypt all data both at rest (AES-256-GCM) and in transit (TLS 1.2/1.3).

Environment Segmentation

All of our environments are fully segregated from each other (production and non-production), and no client personally identifiable information (PII) is migrated to non-production environments.

Sensitive Data

We do not store any sensitive PII data in our database systems such as social security numbers, date of birth, or banking information.

Platform Availability

Business Continuity

We have a documented business continuity plan that is reviewed at least annually and tests both natural disaster and cyber incident real-world scenarios.

Disaster Recovery

All production data is backed up regularly and systems are implemented across multiple availability zones to ensure adequate recovery time.

Monitoring

We monitor the platform and its infrastructure’s health continuously and log any issues for immediate review.

SOC2 Type II Compliant

At Allocate, we prioritize your data security, which is why we are proud to be SOC2 Type II compliant. This certification demonstrates our commitment to maintaining the highest standards of security, availability, and confidentiality for your data. Trust Allocate to protect your information with industry-leading safeguards.